
Jira No | Summary | Description | Status | Solution

Security Call Data Record (SCDR) presentation by David

Secure slicing capability in 5G seems almost equivalent to VLAN capability.

https://wiki.lfnetworking.org/pages/viewpage.action?pageId=74647627

Byung presented yesterday; one of the topics was Intent Based Networking. Maggie will also present on this topic (metrics).

Logging Global Requirement

Choice of application logging to stdout and stderr is challenged on security grounds. Problem statement: Fluentbit cannot access logs in another pod. Changing the base image by modifying permissions for stdout and stderr. Potential compliance issue to be studied.

Long-term solution would deal with security mesh (ISTIO based).

Log format - not specified in GR. Java POC for CPS is in JSON, but at this stage it might have an impact.

Bob to come back to Vijay with Berth in copy.

Unmaintained meeting

New time line - after PTLs call - to be confirmed with David.

SBOM crossproject

Muddasar is working with LF support. Changing version of output file was causing problems.

London SECCOM requirements

Approved by TSC.

TSC meeting on November 3rd

Kohn Release notes

Ongoing TSC Chair/Vice Chair elections

LFN Governance Board ONAP status update – slide deck preparation

ONAP transformation - presentation by Magnus

ONAP cross-community topic for LFN DDF - SBOM https://wiki.lfnetworking.org/pages/viewpage.action?pageId=80281797, TSC are in agreement on the topic for first day of D&TF

Architecture subcommittee

Checking what could be the input to Magnus' Mainstream (to be presented at the DTF).

Presentation about security by Andrew with Byung assistance.

Operational Security Assurance for Open Source 5G Mobile Networks

Will be presented by Maggie at the DTF

ONAP's evolution

Magnus's presentation provokes discussions in Archcom and in SECCOM.

SECCOM does not identify specific value in moving from subcommittee to Special Interest Group. We value fast decision making and execution on time.

ORAN defined ONAP core functions from their perspective. It could be a good baseline for us.

started

ONAP security review questionnaire

In October the first application finished filling out our ONAP security review questionnaire, DCAE - ONAP Security Review Questionnaire Template

- 3 x 1 hour sessions needed to go through the process.

- To be further discussed on how we should proceed with reviewing it.

Grade system usefulness to be discussed. Actions to follow up are valuable.

ongoing

We book the slot in the agenda for next week to collect feedback on Vijay's answers and the questionnaire itself.

SECCOM Dashboard

Weekly scans re-enabled with Michal’s support:

- https://logs.onap.org/onap-integration/weekly/onap-weekly-dt-oom-kohn/2022-11/18_17-45/security/versions/versions.html




ONES NA summary

Multiple interesting presentations, SECCOM included. It was great to meet some of you in person!

Waivers policy was presented and discussed. We cannot accept never-ending waivers.




TSC meeting

TSC Chair voting process started – Pawel is a candidate

Discussion on supercommitter rights




SCA analysis

Automated NEXUS-IQ scans and recommendations for package upgrades for London release. Work in progress.




SECCOM MEETING CALL WILL BE HELD ON 6th OF December'22.







2022-11-29_SECCOM_week.mp4


SECCOM presentation:

2022-11-29 ONAP Security Meeting - AgendaAndMinutes.pptx