Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 17 Next »

This centralized page, for all Istanbul projects, is aimed at identifying the risks as they are foreseen within the release life cycle.

A Risk that materialized becomes an Issue.

Status:

  • Identified: a risk that has been identified, but has not yet been analyzed / assessed yet 
  • Assessed: an identified risk which currently has no risk response plan 
  • Planned: an identified risk with a risk response plan
  • In-Process: a risk where the risk response is being executed 
  • Closed: a risk that occurred and is transferred to an issue or the risk was solved/avoided
  • Not occurred: a risk that was identified but that did not occur 
  • Rejected: created and kept for tracking purposes but considered not to be used yet


Risk IDProject Team or person identifying the riskIdentification DateRisk (Description and potential impact)Team or component impacted by the risk

Mitigation Plan

(Action to prevent the risk to materialize)


Contingency Plan - Response Plan

(Action in case of the risk materialized)

Probability of occurrence (probability of the risk materialized)

High/Medium/Low

Impact

High/Medium/Low

StatusNotes
1OOF

 

Problem with removing GPLv3 components from OSDF docker imageOSDFPossible ways of solving the problem are documented here. OSDF Image optimizationRaise an exception for this release and continue to work on itMediumMediumIdentified
2Policy

 

Problems resulting from upgrade of jetty-serverPolicy, oparentRequest update to oparent sooner rather than later so that impact may be assessedRaise an exception for this release and continue to work on itLowHigh

Not occurred (based on discussion with James Hahnin PTL meeting Aug 23)

Reviewed Aug 23
3Policy

 

Problems resulting from upgrade of CDS jarsPolicy, CDSBe proactive with CDS team
MediumLow

Closed (based on discussion with James Hahnin PTL meeting Aug 23)

Reviewed Aug 23
4Policy

 

TSOCA Control Loops are dependent on migration of DCAE kubernetesPolicy, DCAEBe proactive with DCAE team
MediumMedium

In process (based on discussion with Liam Fallon in PTL meeting Aug 23)

Reviewed Aug2 3
5AAI

 

Lack of resources to deliver security bugs/issues

REQ-439 - CONTINUATION OF PACKAGES UPGRADES IN DIRECT DEPENDENCIES 

AAI-3194, AAI-3292

AAIMake best efforts to resolve the security findingsRaise an exception for this release and continue to work on itMediumLow

TBDWilliam Reehilplanning to file waiver.  Discuss with Catherine what the appropriate status should be.

Reviewed Aug 23
6AAI

 

Janusgraph does not support Java 11

REQ-438 - COMPLETION OF JAVA LANGUAGE UPDATE (v8 → v11)

AAINot much we can doRaise an exception for this release and hope janusgraph supports java 11 in the coming releaseHighLow

TBDWilliam Reehilwaiver filed.  Discuss with Catherine what the appropriate status should be.

Reviewed Aug 23
7DMaaP Message Router

 

REQ-438 - COMPLETION OF JAVA LANGUAGE UPDATE (v8 → v11)  

Confluent base images used by Message Router kafka/zookeeper are built using Java 8. Move to a newer version is a risk based on resources/time constraints.

DMaaPSource some more resources for the project to address this issue.Obtain a waiver for the problem packagesHighLowIdentified
9CCSDK

 

Most recent AAF shiro plugin version appears to still be compiled for Java 8, which causes problems when installed in Karaf under Java 11.AAFAAF plugin is not installed until this is resolved - installing it breaks the container.Will continue to use built-in ODL credentials instead of using AAF to authenticateHighLow

Assessed (based on discussion with Dan Timoneyin PTL meeting Aug 23)

Reviewed Aug 23
10DCAE

 

REQ-438 - COMPLETION OF JAVA LANGUAGE UPDATE (v8 → v11)

dcaemod-designtool & dcaemod-nifi-registry has dependency on upstream (NiFI) project which is currently on java8


DCAEContinue H versionWaiver/Exception to  be filed with SECCOM HighLowIdentified
  11DCAE

 

Scope of DCAE Transformation (REQ-685) being large and dependency on multiple projects (DCAE, OOM, Integration, CLAMP) - there is risk in completing the planned scope in entierity for this releaseDCAE, Integration, OOM, CLAMPPeriodic assessment with all impacted project;  adjust target scope if required.Defer subset of features to J releaseMediumMediumIdentified
12UUI

 

USECASEUI-574 - Getting issue details... STATUS

Update the vulnerable direct dependencies in code base but the result is unknown, and we don't have the lab environment to verify it now

UUIDelay it until our lab environment is ready
HighLowIdentified
13UUI

 

USECASEUI-405 - Getting issue details... STATUS

Not enough human resource to do this modification

UUIContinue working on it until next release
HighLowIdentified
14SDC

 

Not able to fix all the identified security issues required by the global requirement  REQ-443 - Getting issue details... STATUS , reported in  SDC-3607 - Getting issue details... STATUS  and  SDC-3608 - Getting issue details... STATUS

SDCSource resources to take a look and responsibility to fix the issues as soon as possible. Items will be tracked twice a week.Raise an exception for this release and continue to work on itLowLowNot occurred
15SDC

 

Not able to update all the required vulnerabilities, as per general requirement  REQ-439 - Getting issue details... STATUS SDCContinuously monitor the vulnerabilities reported Raise an exception for this release and continue to work on itLowLowNot occurred
16SDC

 

Code coverage fail to meet the required goal. Currently we are very close to the requirement of at least 55% of line coverage.SDCTrack code coverage closely and try to identify the changes that introduced drops and improve them.Raise an exception for this release and continue to work on itLowLowNot occurred
17SDC

 

Not able to fix  OJSI-94 - Getting issue details... STATUS . Was identified that the issue requires a significant change in the front end of the workflow plugin in SDC. There is no resource for now to deal with the problem.

SDCTry to find resources in the community to work on the issue. The issue will be tracked twice a week during the release.Raise an exception for this release and continue to work on itHighLowIdentified
18SO

 

Need a patch for the NSSMF adapter for the defect found during the E2E pairwise testing.SOPatch nssmf-adapter 1.9.1 is made and released for the Istanbul release

This is the first patch for nssmf-adapter in the I release on oom and hence the risk is raised.


MediumMedium

In progress.

TSC has been informed about the change.













  • No labels