Add survey data for "Showcasing Frictionless Secure Coding Success Stories and Pain Points in CNCF Projects"#2185

Merged
julsemaan merged 3 commits into main from initiative/security-friction on Jun 5, 2026

@julsemaan
Contributor

@julsemaan julsemaan commented Jun 3, 2026

Closes #1943

@julsemaan julsemaan requested a review from a team as a code owner June 3, 2026 20:35
@github-actions github-actions Bot added needs-triage Indicates an issue or PR that has not been triaged yet (has a 'triage/foo' label applied) needs-kind Indicates an issue or PR that is missing an issue type or kind (a kind/foo label) labels Jun 3, 2026
@github-actions github-actions Bot added the needs-group Indicates an issue or PR that has not been assigned a group (toc or tag/foo label applied) label Jun 3, 2026
julsemaan added 2 commits June 3, 2026 16:37
Signed-off-by: Julien Semaan <jul.semaan@gmail.com>
Signed-off-by: Julien Semaan <jul.semaan@gmail.com>
@julsemaan julsemaan force-pushed the initiative/security-friction branch from 276d2e7 to 6d2c16f Compare June 3, 2026 20:38

* Secure DevEx Pain Point & Usability Report: Findings from maintainers and contributors, with actionable recommendations.
* Maturity Case Studies: Extracted lessons from established CNCF projects to illustrate effective approaches others can adopt.
* ~~Maturity Case Studies: Extracted lessons from established CNCF projects to illustrate effective approaches others can adopt.~~

Contributor

Just curiosity. What is "~~" for?

I believe it is the GitHub Markdown syntax for strikethrough text. Maybe the next bullet should just be a non-formatted append to this bullet to make it a little more clear? Or something like "Abandoned - Maturity Case Studies"?

Contributor

If this bullet is supposed to be removed, feel free to update the PR.


The data suggests five headline findings:

1. **Awareness of TAG S&C guidance is low.** Most respondents rated their familiarity at the low end of the scale.

Contributor

TAG S&C should be the full name - "TAG Security and Compliance"

Contributor

@danieloh30 danieloh30 left a comment

I added a few minor comments though, the others look good to me. Well done @julsemaan

Signed-off-by: Julien Semaan <jul.semaan@gmail.com>
@github-actions github-actions Bot requested a review from danieloh30 June 4, 2026 18:31
@julsemaan
Contributor Author

@danieloh30, please take another look. Thanks!

Contributor

@danieloh30 danieloh30 left a comment

Cool! Looks great to me. Thanks for the updates!

@kdubois
Contributor

kdubois commented Jun 5, 2026

lgtm. Too bad we haven't been able to get more results. Based on this report it's clear that DevEx is an important factor in adopting (or the lack of) security, so there are definitely opportunities for follow-up initiatives in this area.

@julsemaan julsemaan merged commit 7778c62 into main Jun 5, 2026
2 checks passed
@github-project-automation github-project-automation Bot moved this from New to Done in CNCF TOC Board Jun 5, 2026
@julsemaan julsemaan deleted the initiative/security-friction branch June 5, 2026 19:59
Development

Successfully merging this pull request may close these issues.

[Initiative]: Showcasing Frictionless Secure Coding Success Stories and Pain Points in CNCF Projects

4 participants