Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 11th of May 2021.
Jira No | Summary | Description | Status | Solution |
---|---|---|---|---|
NSA proposal follow-up | Meeting on May 3rd:
| ongoing | Next meetings will be organized ad hoc. SECCOM weekly meetings will be regularly used. Amy will facilitate exchanges with Maggie and NSA team. | |
Additional 2 resources from Orange to improve ONAP security | Progress with SO – Fabian, first Focus on performance application issue. | ongoing | ||
ONAP security with the OPS 5G project | Next meeting on May 6th, deck prepred and presented by Amy: | ongoing | To be presented on May 6th | |
ONAP CII discussion | Requirement: There MUST be no unpatched vulnerabilities of medium or higher severity that have been publicly known for more than 60 days. | ongoing | Slot to be booked at the next PTLs meeting to present this issue. | |
SonarCloud answers for our questions | Please refer to slides 4-7. | ongoing | We will discuss answers next week. | |
Logging anagement follow-up | Fabian prepared slides with logging architecture. Some requiremets for logging are in scope of security and some are more general (and outside of security domain). Bob did the summary of logging specs andshared with SECOM via distribution list. | ongoing | We can start with the simple requirment. Slide draft shall be presented at the SECCOM and then presented to Architecture Subcommittee - Amy will share the logging requirmeents slide deck. | |
Continuation of discussion on Fabian’s comment on logging management | Bob shared the link: ONAP Application Logging Specification v1.3 (Frankfurt)#MDC-InvocationIDMDC-InvocationID | ongoing | Fabian to present most recent logging management archiecture to Archiecture Subcommittee. Bob to elaborate the link provided. | |
NEXUS-IQ – SCA analysis outputs | Analysis almost done:
| |||
OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 18th OF MAY'21. |
Recording:
SECCOM presentation: