Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Current »

Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 9th of February 2021.

Jira No
SummaryDescriptionStatusSolution

LFN event

2 presentations provided:

  • packages upgrades (Amy, Vijay and  Pawel)
  • CII Badging (Tony)

Anuket project – Samuli – security tools for CNF.

done

Slides on SECCOM requirements to be presented at the next Requirements Subcommittee meeting on Monday February 15th. 

POM file version to be provided to PTLs.

Exception process with deadline before RC0.


ONAP Log security management

Fabian shared his presentation:

2 types of basic image hardening. It was done by Morgan.

PoCs with SPC (brand news project) and Policy (project which already took efforts to integrate with logging) proposed to move forward.

ongoing

Next steps 

Deploy logging architecture

Analyze events linked to threats


Instambul SECCOM requirements
  • Packages upgrades
  • CII Badging - crypto verification private and implement secure design
  • PoC Security documentation and assurance cases:with DCAE and CPS
  • Integrate SonarCloud crypto findings as an integration test
  • Integrate SonarCloud coverage results as integration test: block on decreases in code coverage, provide exception process
  • PoC Service Mesh
ongoingSlide to be updated and shared with Alla.

Service Mesh PoC status updateNew release of Kubernetes to be integrated. Some issue with Envoy.


Sonarcloud crypto takeaways

Weak crypto report from Sonarcloud. Jiras to be opened. How to get a report with API to be figured out. 5 cathegories of findings: certificate validation, host name of certificate, using secure mode and padding, using weak protocols, encoding passwords as plain text.  




Logs management – what to do next?

We come back to this topic during next meeting (in February 9th)




OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 16th OF FEBRUARY'21. 




Recording:


SECCOM presentation:




  • No labels