2021-05-18 Security Subcommittee Meeting Notes

Please find below the minutes and recording of the SECCOM meeting that was held on the 18th of May 2021.

Jira No

Summary

Description

Status

Solution

 

2021 LFN Developer & Testing Forum June 2021-06-07 - 2021-06-10 

Register for the LFN Developer & Testing Forum June

Proposals:  2021 LFN Developer & Testing Forum June 

SECCOM proposal: ONAP: SECCOM activities for Istanbul release

ongoing

 

 

SonarCloud questions review

Permission problems - Jess to rely on community - e-mail was sent to Jess, waiting for her feedback.

ongoing

Jess to contact Alex.

 

ONAP CII discussion – last PTL meeting

Questions to be considered by the ONAP community as a special focus in the Istanbul release, presented at the last PTL meeting:

  • application weak cryptography,

  • server side request forgery,

  • XML external entity,

  • cross site scripting

ongoing

 

 

NEXUS-IQ – SCA analysis done

Jira tickets (tasks) were created per project for the Istanbul release.

Ongoing work on some projects.

PTLs were reminded yesterday to start working on package upgrades.

ongoing

 

 

Direct vs. indirect dependencies with container scans

Amy opened a ticket at Sonatype (IT-22048) for direct vs. indirect dependencies with container scans.

ongoing

 

 

Logging management follow-up

A slide deck draft "ONAP Next Generation Architecture & Logging Architecture, Design and Roadmap" was presented (link below) by Byung-Woo Jun from the Architecture Subcommittee. Work with OOM team (Sylvain and Krzysztof).

ElasticSearch - licensing problems?

Limitations in Keycloak - 200 tenants.

ongoing

 

 

Logging requirements analysis update by Bob

Bob's Intro

NSA - Jess intro

Looking at the logging requirements.

https://attack.mitre.org/ → enterprise matrix, container matrix, and telecom matrix: https://web.tresorit.com/l/lN841#uqbRHdXCFzVVX8obs1OEUw&viewer=1yoh8gKZ0tA9WqU9asFUHKl2Jp024UTo

ongoing

 

 

OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 25th OF MAY'21. 

 

 

 

 

Recording:

 

SECCOM presentation:

  • a slide deck draft "ONAP Next Generation Architecture & Logging Architecture, Design and Roadmap", ONAP-Next-Generation-Security-Logging-2021-5-18-v1.pptx

    • This slide deck will be presented at the LFN DDF June Event.

    • Byung and others plan to refine it. Please provide your comments and share insights.