project: KSPP

Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>

projects/kspp/roadmap.md

@@ -0,0 +1,21 @@
+# Kernel Self Protection Project (KSPP)
+
+The [Kernel Self Protection Project](https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project) is a community
+effort to harden the upstream Linux kernel by eliminating classes of vulnerabilities.
+
+Many similar protections have existed in other projects, but have yet to have been upstreamed. Since Moby is a consumer
+of the Linux kernel and aims to be the most secure distro it can be, it is in our maintainers' best interests to collaborate
+on upstream Linux security measures.
+
+
+## Roadmap
+
+**Near-term:**
+- We've aligned our `kernel_config` and `sysctl` settings with the
+[KSPP recommendations](https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project#Recommended_settings) -
+we should continue to track these
+  - Note: we check for these settings in our CI tests (see `check_kernel_config.sh`)
+- @tych0 is working on KSPP patches, which are submitted to the [kernel hardening mailing list](http://www.openwall.com/lists/kernel-hardening/)
+
+**Long-term:**
+- Increase involvement in the project