From f5c26686a1acc8c1c2c8809f752e605e10c2fdac Mon Sep 17 00:00:00 2001 From: Marco De Benedictis Date: Tue, 18 Jun 2024 11:08:00 +0200 Subject: [PATCH 1/8] docs: add events to community folder - renames files to follow same naming convention (hyphens) Signed-off-by: Marco De Benedictis --- community/events/README.md | 12 ++++++++++++ .../events/cloud-native-security.md | 2 +- past-events.md => community/events/past-events.md | 2 +- safe_kubecon.md => community/events/safe-kubecon.md | 0 4 files changed, 14 insertions(+), 2 deletions(-) create mode 100644 community/events/README.md rename cloud_native_security.md => community/events/cloud-native-security.md (99%) rename past-events.md => community/events/past-events.md (99%) rename safe_kubecon.md => community/events/safe-kubecon.md (100%) diff --git a/community/events/README.md b/community/events/README.md new file mode 100644 index 000000000..957adec1d --- /dev/null +++ b/community/events/README.md @@ -0,0 +1,12 @@ +# Events + +## Upcoming Gatherings + +[CloudNativeSecurityCon](https://events.linuxfoundation.org/cloudnativesecuritycon-north-america/): +June 26 – 27, 2024 — Seattle, Washington + +## Recurring General Meetings + +[Weekly US Meeting](https://zoom.us/j/99809474566): each Wednesday at 10 am (UTC-7) + +[Bi-Weekly EMEA Meeting](https://zoom.us/j/99917523142): on Wednesdays at 1 pm (UTC+0, UTC+1 when daylight saving time is in effect) diff --git a/cloud_native_security.md b/community/events/cloud-native-security.md similarity index 99% rename from cloud_native_security.md rename to community/events/cloud-native-security.md index c7f01a7d8..1dae9e28e 100644 --- a/cloud_native_security.md +++ b/community/events/cloud-native-security.md 
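Review bot: in the new community/events/README.md the US meeting is given as a fixed `10 am (UTC-7)`, which matches US Pacific time only while daylight saving time is in effect (Pacific Standard Time is UTC-8), whereas the EMEA line on the same page already spells out both offsets (`UTC+0, UTC+1 when daylight saving time is in effect`). Use the same form for the US entry, e.g. `each Wednesday at 10 am Pacific (UTC-7 during daylight saving time, UTC-8 otherwise)`, or name the IANA zone so readers can convert reliably.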
@@ -23,7 +23,7 @@ project, architecture, and enhance team awareness on security. - Copenhagen, Denmark - May 2-4, 2018 -- [notes](safe_kubecon.md) +- [notes](safe-kubecon.md) [KubeCon + CloudNativeCon, Shanghai](https://events19.linuxfoundation.cn/events/kubecon-cloudnativecon-china-2018/) diff --git a/past-events.md b/community/events/past-events.md similarity index 99% rename from past-events.md rename to community/events/past-events.md index 1b97756bd..44e2aa593 100644 --- a/past-events.md +++ b/community/events/past-events.md @@ -5,7 +5,7 @@ -A list of past KubeCon/Cloud Native SecurityCon events an be found [here](cloud_native_security.md) +A list of past KubeCon/Cloud Native SecurityCon events can be found [here](cloud-native-security.md) ## DockerCon, San Francisco, CA, Apr 30 - May 2, 2019 diff --git a/safe_kubecon.md b/community/events/safe-kubecon.md similarity index 100% rename from safe_kubecon.md rename to community/events/safe-kubecon.md From a7522e9155899015c301ee0d3107f7b214c381ed Mon Sep 17 00:00:00 2001 From: Marco De Benedictis Date: Tue, 18 Jun 2024 11:09:07 +0200 Subject: [PATCH 2/8] feat: add community folder to website directory via makefile Signed-off-by: Marco De Benedictis --- website/Makefile | 1 + website/content/events/_index.md | 10 ---------- 2 files changed, 1 insertion(+), 10 deletions(-) delete mode 100644 website/content/events/_index.md diff --git a/website/Makefile b/website/Makefile index 0fca670c5..239abb6e6 100644 --- a/website/Makefile +++ b/website/Makefile @@ -6,6 +6,7 @@ deps: --include='assessments' --include='assessments/**' \ --include='governance' --include='governance/**' \ --include='publications' --include='publications/**' \ + --include='community' --include='community/**' \ --include='*.md' --exclude='*' # Move over content such as graphics and logos diff --git a/website/content/events/_index.md b/website/content/events/_index.md deleted file mode 100644 index 75359dc12..000000000 
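Review bot: the three renames into community/events/ (cloud_native_security.md, past-events.md, safe_kubecon.md) fix only the two relative links shown in this patch (`[notes](safe-kubecon.md)` and `[here](cloud-native-security.md)`); any other link to the old root-level paths elsewhere in the repository or on the website would now 404, and nothing in the series shows that was checked. Before merging, run `git grep -n -e 'cloud_native_security.md' -e 'safe_kubecon.md' -e 'past-events.md'` over the tree and fix any remaining hits.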
--- a/website/content/events/_index.md +++ /dev/null @@ -1,10 +0,0 @@ ---- -title: Events -menu: - main: - weight: 20 -description: Upcoming Events ---- - -[CloudNativeSecurityCon](https://events.linuxfoundation.org/cloudnativesecuritycon-north-america/): -June 26 – 27, 2024 — Seattle, Washington From 4eb9a704b239ab1f761aeacaf1fe4138a7a50aa4 Mon Sep 17 00:00:00 2001 From: Marco De Benedictis Date: Wed, 19 Jun 2024 11:01:30 +0200 Subject: [PATCH 3/8] docs: add community README Signed-off-by: Marco De Benedictis --- community/README.md | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 community/README.md diff --git a/community/README.md b/community/README.md new file mode 100644 index 000000000..30f6c609a --- /dev/null +++ b/community/README.md @@ -0,0 +1,3 @@ +# TAG-Security Community Activities + +The Security TAG has several working groups that organize community activities around specific topics, including recurring meetings. From b7abb2e1b11e8a8251c8f05e90ea1e7b85e26d75 Mon Sep 17 00:00:00 2001 From: Marco De Benedictis Date: Wed, 19 Jun 2024 11:02:01 +0200 Subject: [PATCH 4/8] chore: remove community default layout Signed-off-by: Marco De Benedictis --- .../themes/docsy/layouts/community/list.html | 19 ------------------- 1 file changed, 19 deletions(-) delete mode 100644 website/themes/docsy/layouts/community/list.html diff --git a/website/themes/docsy/layouts/community/list.html b/website/themes/docsy/layouts/community/list.html deleted file mode 100644 index d66a50ed6..000000000 --- a/website/themes/docsy/layouts/community/list.html +++ /dev/null @@ -1,19 +0,0 @@ -{{ define "main" }} - - -
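Review bot: deleting website/content/events/_index.md drops the Hugo front matter that made Events a top-level menu entry (`title: Events`, `menu: main: weight: 20`, `description: Upcoming Events`), and the community/events/README.md added in PATCH 1/8 to replace its body carries no front matter. Unless the `deps` target in website/Makefile renames README.md to _index.md (the rsync include line added in this patch only copies `community/**` as-is), the events page will lose its title and menu placement after this series; either add a community/events/_index.md with the same front matter or recreate it in the Makefile copy step.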
-
- -

Join the {{ .Site.Title }} community

- -

{{ .Site.Title }} is an open source project that anyone in the community can use, improve, and enjoy. We'd love you to join us! Here's a few ways to find out what's happening and get involved. - -

-
-{{ partial "community_links.html" . }} - -
-{{ .Content }} -
- -{{ end }} From e72b133583a695261600174d12c7d27838973a37 Mon Sep 17 00:00:00 2001 From: Marco De Benedictis Date: Wed, 19 Jun 2024 11:22:58 +0200 Subject: [PATCH 5/8] fix(safe-kubecon.md): linting, spelling Signed-off-by: Marco De Benedictis --- community/events/safe-kubecon.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/community/events/safe-kubecon.md b/community/events/safe-kubecon.md index 8d09ae997..37a433a7f 100644 --- a/community/events/safe-kubecon.md +++ b/community/events/safe-kubecon.md 
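Review bot: this removes website/themes/docsy/layouts/community/list.html from inside the vendored Docsy theme directory rather than through a project-level override, so the change is lost (or conflicts) the next time the theme is updated, and the commit message does not say why the Docsy community layout should not apply to the new `community/` section. If the intent is to render community/ with the default list layout, prefer an override at website/layouts/community/list.html (Hugo resolves project layouts before theme layouts) and leave the theme tree untouched; if the theme is a vendored copy meant to be edited in place, say so in the commit message.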
@@ -1,15 +1,14 @@ -### SAFE Recap @ [Kubecon Europe 2018](https://events.linuxfoundation.org/events/kubecon-cloudnativecon-europe-2018/) +# SAFE Recap @ [Kubecon Europe 2018](https://events.linuxfoundation.org/events/kubecon-cloudnativecon-europe-2018/) -SAFE had two sessions for introducing SAFE and getting feedback from the community. +SAFE had two sessions for introducing SAFE and getting feedback from the community. * [SAFE WG Intro](https://kccnceu18.sched.com/event/ENw3/safe-wg-intro-jeyappragash-j-j-padmeio-ray-colline-google-any-skill-level) * [SAFE WG Deep Dive](https://kccnceu18.sched.com/event/ENw5/safe-wg-deep-dive-ray-colline-google-intermediate-skill-level) We had a small but relevant group and hallway conversations were equally engaging and informative. -Excited to have [Liz Rice](https://github.com/lizrice) and [Justin Cormack](https://github.com/justincormack) join us. +Excited to have [Liz Rice](https://github.com/lizrice) and [Justin Cormack](https://github.com/justincormack) join us. -Across the board, everyone I had conversation with, there was a natural acknowledgement that security is an end-end problem and understanding secure access and providing a safe end-end system for enduser is critical. Highlighted at the [keynote by Alexis](https://twitter.com/MayaKaczorowski/status/991601395450171392?s=15). +Across the board, everyone I had conversation with, there was a natural acknowledgement that security is an end-end problem and understanding secure access and providing a safe end-end system for end-user is critical. Highlighted at the [keynote by Alexis](https://twitter.com/MayaKaczorowski/status/991601395450171392?s=15). We are just getting started on this, incredibly excited to be part of this team and the effort! - From 98feb2d5589ee31b7b51b34aa25c23e64e6883c6 Mon Sep 17 00:00:00 2001 From: Marco De Benedictis Date: Wed, 19 Jun 2024 15:44:17 +0200 Subject: [PATCH 6/8] ci: update link test retries on 429 
Signed-off-by: Marco De Benedictis --- ci/link-config.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ci/link-config.json b/ci/link-config.json index 1ad3a9dbe..0e43c9de4 100644 --- a/ci/link-config.json +++ b/ci/link-config.json @@ -1,13 +1,13 @@ { "aliveStatusCodes": [200,206,402], - "fallbackRetryDelay": "5s", + "fallbackRetryDelay": "10s", "replacementPatterns": [ { "pattern": "^/", "replacement": "{{BASEURL}}/" } ], - "retryCount": 3, + "retryCount": 5, "retryOn429": true, "timeout": "20s", "httpHeaders": [ From e921144973ce03149698ec907202bf4e563ac9fc Mon Sep 17 00:00:00 2001 From: abhisek Date: Wed, 12 Jun 2024 23:21:03 +0530 Subject: [PATCH 7/8] docs: Update SSC compromise catalog fix: Linter errors docs: Add reference to apt vulnerability description Signed-off-by: abhisek --- supply-chain-security/compromises/2010/apache.md | 4 ++++ supply-chain-security/compromises/2010/fsf-website.md | 2 ++ supply-chain-security/compromises/2010/proftpd.md | 8 +++++--- supply-chain-security/compromises/2011/kernelorg.md | 2 +- supply-chain-security/compromises/2013/apt.md | 5 +++++ supply-chain-security/compromises/README.md | 10 +++++----- 6 files changed, 22 insertions(+), 9 deletions(-) diff --git a/supply-chain-security/compromises/2010/apache.md b/supply-chain-security/compromises/2010/apache.md index 479dbb732..6b213f4f5 100644 --- a/supply-chain-security/compromises/2010/apache.md +++ b/supply-chain-security/compromises/2010/apache.md @@ -15,3 +15,7 @@ databases are considered leaked. ## Type of compromise Attack Chaining - multiple compromises. + +## Reference + +- diff --git a/supply-chain-security/compromises/2010/fsf-website.md b/supply-chain-security/compromises/2010/fsf-website.md index cc0a0c7ff..094b4efc2 100644 --- a/supply-chain-security/compromises/2010/fsf-website.md +++ b/supply-chain-security/compromises/2010/fsf-website.md 
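Review bot: in ci/link-config.json the new values mean a URL that keeps answering 429 is retried 5 times with a 10 s fallback delay (`fallbackRetryDelay` applies when the server sends no `Retry-After`), so a single rate-limiting host can now add up to 50 s of waiting, plus up to 5 × the 20 s `timeout`, for one link; that cost is worth stating in the commit message and checking against the CI job's overall timeout. Unrelated but visible in the context: `402` in `aliveStatusCodes` treats Payment Required as a live link, which hides paywalled or dead references; consider dropping it in a follow-up.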
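Review bot: the new section in supply-chain-security/compromises/2010/apache.md is headed `## Reference` while the sibling files touched in the same patch (proftpd.md, apt.md) use `## References`; pick one heading for the whole catalog so the pages render consistently. The bullet under it also comes through empty in this rendering of the patch; confirm the committed file carries the URL (an angle-bracket autolink would still show its text).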
@@ -1,5 +1,7 @@ # Free Software Foundation Website Hack +**Note:** Review if this incident can be categorized as supply chain incident as per [compromise definitions](../compromise-definitions.md) + The source repository for the FSF's website was hacked via a SQL injection. ## Impact diff --git a/supply-chain-security/compromises/2010/proftpd.md b/supply-chain-security/compromises/2010/proftpd.md index 2ec62d90f..c1f07d05b 100644 --- a/supply-chain-security/compromises/2010/proftpd.md +++ b/supply-chain-security/compromises/2010/proftpd.md @@ -1,4 +1,6 @@ -# ProFTPD hack + + +# ProFTPD Hack and Backdoor A source code repository server of an open-source project (ProFTPD) was hacked by unknown attackers who planted a backdoor in the source code. @@ -15,5 +17,5 @@ and it's unlikely a key compromise was involved. ## References -- https://www.zdnet.com/article/open-source-proftpd-hacked-backdoor-planted-in-source-code/ -- https://www.theregister.com/2010/12/02/proftpd_backdoored/ +- +- diff --git a/supply-chain-security/compromises/2011/kernelorg.md b/supply-chain-security/compromises/2011/kernelorg.md index a6cdc2a44..cdaf86511 100644 --- a/supply-chain-security/compromises/2011/kernelorg.md +++ b/supply-chain-security/compromises/2011/kernelorg.md @@ -1,5 +1,5 @@ -# kernel.org infrastructure compromise +# kernel.org Infrastructure Compromise While the kernel.org compromise didn't likely involve source code (and would have had limited impact), from gkh's mail: "the compromise of kernel.org and diff --git a/supply-chain-security/compromises/2013/apt.md b/supply-chain-security/compromises/2013/apt.md index 2f8fb1e92..93d51f1df 100644 --- a/supply-chain-security/compromises/2013/apt.md +++ b/supply-chain-security/compromises/2013/apt.md @@ -12,3 +12,8 @@ authenticity wasn't being used for source packages. ## Type of compromise Negligence - Insufficient client-side package authenticity verification + +## References + +* +* 
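Review bot: the proftpd.md hunk adds two blank lines above the `# ProFTPD Hack and Backdoor` heading, which pushes the H1 off the first line of the file for no visible benefit in the rendered page; if they are the remains of a markdownlint directive comment that was stripped, restore it, otherwise drop them so the heading stays on line 1 like the other catalog pages. The two reference bullets below also appear empty here, as in apache.md; check that the committed file still shows the zdnet and theregister URLs that the removed `-` lines carried.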
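Review bot: apt.md's new References list uses `*` bullets while proftpd.md and apache.md in the same patch use `-`; since the commit message says the patch is fixing linter errors, switch these two lines to `- ` so the catalog uses one list marker and markdownlint's ul-style check stays quiet if it is ever set to a fixed style.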
diff --git a/supply-chain-security/compromises/README.md b/supply-chain-security/compromises/README.md index e413e0403..41abf6e4f 100644 --- a/supply-chain-security/compromises/README.md +++ b/supply-chain-security/compromises/README.md @@ -30,7 +30,7 @@ of compromise needs added, please include that as well. | Name | Year | Type of compromise | Link | | ----------------- | ------------------ | ------------------ | ----------- | -| [Malware Disguised as Installer used to target Korean Public Institution] | 2024 | Trust and Signing | [1](https://asec.ahnlab.com/en/63396/) | +| [Malware Disguised as Installer used to target Korean Public Institution](2024/targeted-signed-endoor.md) | 2024 | Trust and Signing | [1](https://asec.ahnlab.com/en/63396/) | | [3proxy signing incident](2024/laixi-3proxy.md) | 2024 | Trust and Signing | [1](https://news.sophos.com/en-us/2024/04/09/smoke-and-screen-mirrors-a-strange-signed-backdoor/) | | [xz backdoor incident](2024/xz.md) | 2024 | Malicious Maintainer | [1](https://cloudsecurityalliance.org/blog/2024/04/25/navigating-the-xz-utils-vulnerability-cve-2024-3094-a-comprehensive-guide) | | [GitGot: using GitHub repositories as exfiltration store](2024/gitgot.md) | 2024 | Trust and Signing | [1](https://www.reversinglabs.com/blog/gitgot-cybercriminals-using-github-to-store-stolen-data) | @@ -100,12 +100,12 @@ of compromise needs added, please include that as well. | [Code Spaces](2014/code-spaces.md) | 2014 | Source Code | [1](https://threatpost.com/hacker-puts-hosting-service-code-spaces-out-of-business/106761/) | | [Monju Incident](2014/monju.md) | 2014 | Publishing infrastructure| [1](https://www.contextis.com/en/blog/context-threat-intelligence-the-monju-incident) | | [APT lack of validation for source packages](2013/apt.md) | 2013 | Negligence | [1](https://lwn.net/Articles/602461/) | -| [GitHub rails/rails Vulnerability](2012/ruby-on-rails-github.md) | 2012 | Source Code
Dev Tooling | [1](https://homakov.blogspot.com/2012/03/how-to.html), [2](https://github.blog/2012-03-05-responsible-disclosure-policy/) | -| [kernel.org compromise](2011/kernelorg.md) | 2011 | Publishing infrastructure | [1](https://lwn.net/Articles/461237/), [2](https://lwn.net/Articles/461552/) | +| [GitHub Ruby on Rails Repository Hack](2012/ruby-on-rails-github.md) | 2012 | Source Code
Dev Tooling | [1](https://homakov.blogspot.com/2012/03/how-to.html), [2](https://github.blog/2012-03-05-responsible-disclosure-policy/) | +| [kernel.org Infrastructure Compromise](2011/kernelorg.md) | 2011 | Publishing infrastructure | [1](https://lwn.net/Articles/461237/), [2](https://lwn.net/Articles/461552/) | | [FSF Website Hack](2010/fsf-website.md) | 2010 | Source Code | [1](https://www.computerworld.com/article/2752415/free-software-foundation-s-software-repository-hacked.html) | -| [apache.org incident](2010/apache.md) | 2010 | Attack Chaining | [1](https://blogs.apache.org/infra/entry/apache_org_04_09_2010) | +| [apache.org Internal Tools Compromise](2010/apache.md) | 2010 | Attack Chaining | [1](https://www.invicti.com/blog/web-security/apacheorg-and-jira-incident/) | | [Operation Aurora](2010/aurora.md) | 2010 | Watering-hole attack | [1](https://www.wired.com/2010/03/source-code-hacks/) | -| [ProFTPD](2010/proftpd.md) | 2010 | Publishing Infrastructure | [1](https://www.zdnet.com/article/open-source-proftpd-hacked-backdoor-planted-in-source-code/) | +| [ProFTPD Hack and Backdoor](2010/proftpd.md) | 2010 | Publishing Infrastructure | [1](https://www.zdnet.com/article/open-source-proftpd-hacked-backdoor-planted-in-source-code/) | | [WordPress backdoor](2007/wordpress.md) | 2007 | Source Code
Publishing Infrastructure
| [1](https://lwn.net/Articles/224997/) | | [SquirrelMail backdoor](2007/squirrelmail.md) | 2007 | Source Code
Publishing Infrastructure | [1](https://lwn.net/Articles/262688/) | | [Linux Kernel CVS Repository Hack](2003/kernel-repository.md) | 2003 | Source Code
Dev Tooling | [1](https://lwn.net/Articles/57135/) | From 7a1993ff94efc7de91ce4a35a7843c5d42f01776 Mon Sep 17 00:00:00 2001 From: abhisek Date: Fri, 21 Jun 2024 15:01:51 +0530 Subject: [PATCH 8/8] docs: Update category for FSF website hack incident Signed-off-by: abhisek --- supply-chain-security/compromises/2010/fsf-website.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/supply-chain-security/compromises/2010/fsf-website.md b/supply-chain-security/compromises/2010/fsf-website.md index 094b4efc2..87a4ec45b 100644 --- a/supply-chain-security/compromises/2010/fsf-website.md +++ b/supply-chain-security/compromises/2010/fsf-website.md @@ -1,7 +1,5 @@ # Free Software Foundation Website Hack -**Note:** Review if this incident can be categorized as supply chain incident as per [compromise definitions](../compromise-definitions.md) - The source repository for the FSF's website was hacked via a SQL injection. ## Impact @@ -11,7 +9,7 @@ exfiltrate user names and encrypted passwords from the affected server. ## Type of Compromise -Source Code +Attack Chaining ## References
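Review bot: the apache.org row in supply-chain-security/compromises/README.md replaces the first-party incident report (the Apache infrastructure team's post at blogs.apache.org/infra/entry/apache_org_04_09_2010) with a third-party write-up on invicti.com; keep the primary source as [1] and add the new link as [2] rather than dropping it, since the catalog's value is in pointing at original reports. Two more checks on this hunk: the first row now links to `2024/targeted-signed-endoor.md`, a file this series does not create and whose name reads like a typo for `backdoor`, so confirm it exists under exactly that name; and the `FSF Website Hack` row keeps `Source Code` while PATCH 8/8 changes the incident page to `Attack Chaining`, so the index and the page disagree once the series is applied.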
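Review bot: changing the FSF incident's `## Type of Compromise` from `Source Code` to `Attack Chaining` is not supported by the page body as shown, which describes a single step (a SQL injection against the website's source repository, used to exfiltrate user names and encrypted passwords), whereas apache.md in this same series defines Attack Chaining as `multiple compromises`. Either add a sentence to the body naming the second link in the chain (what the stolen credentials were then used against), or keep the original category; and whichever is chosen, update the matching row in supply-chain-security/compromises/README.md, which this patch leaves at `Source Code`, so the index and the page agree.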