2022-09-13 Security Subcommittee Meeting Notes

Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 13th of September 2022.

Jira No

Summary

Description

Status

Solution

 

Finishing the RACI Matrix

https://lf-onap.atlassian.net/wiki/display/DW/Project+State%3A+Unmaintained

Some description modifications "or Delegated" in the TSC responsibility + TSC should be on updates.

ongoing

Present updates to TSC (Muddasar).

 

List of cryptographic protocols used in ONAP

Currently existing Wiki is not updated:

We could link to IANA, which has an up-to-date list of ciphers:

https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4

To consider default choice as best practice to use.

We focus first on the external API communication for the ciphers.

Tony proposed to make a direct reference per table to IANA in SECCOM Wiki.

ongoing

 

 

PTLs meeting

SECCOM Kohn upgrades status update:

DMaaP is finding false positive misidentification - waiting for more details from Fiachra.

Update on the Security Logging Fields and Global Requirement - need PoC for Python based containers. For Java based containers, PTLs should start adopting that.

ongoing

We come back to PTLs at the next meeting with next update.

 

TSC meeting

Catherine moving to TAC, not clear who is going to be a new TSC chair

3GPP YANG models usage and licensing problem – storing source code

ongoing

 

 

LFN projects after Amy’s discussion with Ranny

Security SME discussion for LFN TAC: https://wiki.lfnetworking.org/display/LN/2022+Security+SME+seat+role+definition

  • More secure best practices in place, being more proactive

  • Security expertise provision to TAC

  • Advising TAC on security topics 

started

 

 

Update about Sonarcloud 

Bob opened the ticket: https://jira.linuxfoundation.org/plugins/servlet/theme/portal/2/IT-24461?sda_source=notification-email. All languages that are supported are enabled. Some test, demo or archived code was observed.

closed

 

 

Ticket created by Thomas Kulik 

New request from Thomas: https://jira.linuxfoundation.org/plugins/servlet/theme/portal/2/IT-24491 

resolved - not an issue

 

 

SECCOM MEETING CALL WILL BE HELD ON 20th OF September'22. 

Architecture review template to be reviewed.

MITRE SCDR discussion.

 

 

 

 

Recordings: 

SECCOM presentation: