Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 19th of April 2022.
Jira No | Summary | Description | Status | Solution |
---|---|---|---|---|
LFN Developer & Testing Forum | Event June 13th-16th Porto, Portugal Please register: https://events.linuxfoundation.org/lfn-developer-testing-forum/ | started | ||
SECCOM topics proposal:
| ||||
Synch with OOM |
1.SDC-3954 3.OOM-2957
1.OOM-2958 2.INT-2104 | |||
Asessment model | Muddasar presented a proposal for 5Y assessment model: Assesment should be for a ONAP project as a whole. Report should be actionable - movement rule from level to the other is defined. It should also include process or tool improvement recommendation. We could use SAMM tool and some of our and their questions to have quick and easy asessment. Risk/threat model to be used. Asessment models are usually based on interviews. | started | ||
Issue raised with SECCOM by Kohei - About Critical Information Leak | Ticket was opened to SDNC: https://jira.onap.org/browse/SDNC-1691 log file was removed from the Wiki. | started | Confirmation e-mail to be sent to Kohei by Amy. | |
Synch with Architecture Subcommittee | -LF Security conformance - Byung Amy saw presentation of LF CEO -Unmaintained projects proposals - Byung We focus on Portal first and then on AAF. | started | Byung to send an e-mail to Kenny to get LFX Security presentation for SECCOM. | |
Code quality | Fabian provided a presentation: In clean as you code developer shall be motivated. Quality gate conditions shall be generalized. Usage of Sonarlint allows for faster detection (on the fly) comparing to Conarccloud. Security hotspots, we need to have a reviewer in this arrea that would do the action (e.g. acknowledge). Jiras were setup in a special way. Commercial tool provides a way to fix the issue. | ongoing | ||
CPS gold badge | 2 tickets created at LFN IT:
Bruno mentioned:
| started | E-mail to be shared with Bruno o tickets and links - done. | |
SECCOM MEETING CALL WILL BE HELD ON 26th OF April'22. |
Recording:
SECCOM presentation: