2023-04-25 Security Subcommittee Meeting Notes
- Paweł Pawlak
Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 25th of April 2023.
Jira No | Summary | Description | Status | Solution |
|---|---|---|---|---|
Review of the deck prepared by Muddasar | "Building a better 5G future..." for OSS associated conference (May 9th). | started | ||
SBOM Types & Minimum Requirements for VEX Documents - shared by Muddasar | Improvements in SBOMs and sharing info on vulnerabilities. The Types of SBOM document summarizes common types of SBOMs that tools may create in the industry today, along with the data typically presented for each type of SBOM. As software goes from planning to source to build to deployed and used, tools may be able to detect subtle differences in the underlying components. These types will allow for better differentiation of tools and in the broader marketplace. The Minimum Requirements for VEX document specifies the minimum elements to create a VEX document. This will allow interoperability between different implementations and data formats of VEX. It will also help promote integration of VEX into novel and existing security tools. This document also specifies some optional VEX elements. Today ONAP supports pull method for SBOM. | started | ||
LFX Security Dashboard | ongoing | Amy will meet with Jess later today. | ||
Final list of unmaintained and packages upgrades for London release | We wait till M4 for TSC presentation. | ongoing | Fix to be provided for packages upgrades. | |
PTL meeting (April 24th) | Liam will provide his feedback on Policy interest to participate in Security Questionnaire for next project | ongoing | ||
CPS presentation for DTF virtual event | Tony is open to help and contribute. | |||
TSC meeting (April 20th) | ONAP Takeaways summary | |||
SECCOM MEETING CALL WILL BE HELD ON 9th May 2023. |
Recordings:
SECCOM presentation:
2023-04-25 ONAP Security Meeting - AgendaAndMinutes.pptx