...

Jira No | Summary | Description | Status | Solution

  • CII Badging update – Tony
To discuss with David McBride his role in supporting CII Badging.

David to be invited for the next SECCOM meeting.

E-mail was sent to David.


ONAP access management - Natacha

User has access to all services, which is not OK.

A Service Mesh POC could be a solution to investigate further; the alternative, using AAF, could require a high amount of work.

SECCOM proposed release assessment for TSC at 12/5 meeting

-KPIs

  • CII badging – Tony
  • Closed OJSI tickets – Krzysztof
  • Known vulnerability management – Amy
  • Code Coverage – Amy/Pawel

-Define the passing criteria for security

Define the KPIs for the Frankfurt release

Define the SECCOM passing criteria

Owners of each KPI asked to update the KPI and passing criteria in Frankfurt security assessment


Code Coverage:

  • Pierre proposed a Frankfurt POC with CLAMP to measure testing on core and new functionality
  • Define core and non-core
  • Amy will reach out to Kenny and David to set up a meeting with SONAR to learn more about the tool.
  • SONAR reports on the percentage of new code that is covered by a test. We need the definition of "new" and to know whether it can be defined in the tool.

CII badging:

  • Tony reviewed enhancements of his CII metrics website
  • Assurance case (documentation of project security measures)
    • Only 10 of 38 projects have answered this question (5 Met, 5 Unmet)
    • Proposed that SECCOM produce a template for this case to be used by all projects
    • Get TSC approval for template
  • Communications Matrix pilot - Natacha working with DCAE project (Vijay)

Frankfurt security assessment (https://wiki.onap.org/display/DW/Frankfurt+Security+Assessment+Proposal)

Percentage values are proposed for each KPI.

Wiki with proposals is ready for comments.

We have to book a slot at the next PTL call to present those proposals and then at the TSC call to present recommendation for approval.

Update on CLI OJSI tickets

ONAP SECCOM and MSB synch call (15/11/19)

ONAP SECCOM and CLI synch call (25/11/19)

  • CLI to prioritize OJSI tickets over known vulnerabilities in 3rd party packages

We wait +/- 3 weeks to let the CLI project perform the agreed actions.

ONAP F2F in Prague – topics proposals (https://wiki.lfnetworking.org/display/LN/Call+for+ONAP+DDF+Topics+-+Prague+2020):

  • SECCOM F2F
  • Working session – testable VNF security requirements
  • Joint discussion with CNTT on security like security requirements,
  • Status update OOM password removal
  • Status update ingress controller introduction
  • ISTIO common discussion
  • Communication matrix update – diagram and interactions from it

Topics were included into the wiki proposals.

SECCOM members are encouraged to assign themselves as interested to participate in those topics.

 Topics identified for next week's SECCOM agenda
  • CII Badging update – Tony
  • POM file update and packages updates – Amy
  • VNF security requirements – Amy
  • OOM passwords generation update - Krzysztof
  • ONAP user management – Natacha
  • ONAP and SOL004 VNF signature update – Samuli



 Jonathan is leaving AT&T - early retirement


...