Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 15th of August 2023.

Jira No
SummaryDescriptionStatusSolution

5 Years security questionnaire for Policy projectReview of Policy questionnaire with Policy representative meetings
Policy framework began the review of 5yr questionnaire and will complete the review at the 22 August meeting.

Oparent

-Only 2 PTLs responded to Amy’s e-mail

-No objections on Oparent retirement, we have no volunteer to maintain it up to date

-pom.xml contains more than cross project common package dependencies


Recommendation:

-retain oparent/pom.xml

-Make Andreas Geissler a committer and ask the integration or OOM team to update the file per release

-Proposal:

  • Option 1 (short term): ask the integration or OOM team to update the file per release
  • Option 2 (long term): split into multiple pieces that could be independently maintained: dependencies, build directives, profiles

-Byung will discuss with Andreas and OOM team and report at 8/22 SECCOM

-Amy will contact Liam Fallon  and Pam for history


No PTL for AAI, DCAE, OOF

-Andreas Geissler and Thomas Kulik made committers

-They will do the work necessary for the projects to participate in the release

Will AAI, DCAE, OOF have security vulnerabilities fixed?

-Byung will discuss with Andreas and Thomas to coordinate release tasks such as backlog prioritization

-Muddasar: someone needs to take backlog management role

-Muddasar: no mandated best practice to manage technical debt; call for a statement about code quality – all code will be secure

-Muddasar & Amy: bring mandate for code quality to LFN TAC 2023/8/16


ONAP Streamlining

-Role of SECCOM

-Prioritization of vulnerability fixes

-Prioritization of security enhancements

-Proposal: ONAP projects work with latest version of common components such as Istio, KeyCloak, Kafka

ONAP Streamlining - The Process

Deck shared with TSC: ONAP - Streamlining the process Report-2023-8-3-v2.pptx (live.com)




TSC meeting (August 17th)





LFN-TAC (August 16th)

Review of security best practice recommendations for LFN projects: Security Best Practices




NEXT SECCOM MEETING CALL WILL BE HELD ON 29th of August 2023. 







Recordings: 


SECCOM presentation:





  • No labels