2021-01-26 Security Subcommittee Meeting Notes

Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 26th of January 2021.

Jira No

Summary

Description

Status

Solution

 

Honolulu SECCOM requirements

Slides prepared and reviewed by Amy:

Common logs management turned into PoC.

ongoing

To be presented at the LFN event within the Requirements Subcommittee review.

 

Istanbul SECCOM requirements

  • Package upgrades

  • CII Badging - crypto verification private and implement secure design

  • PoC Security documentation and assurance cases: with DCAE and CPS

  • Integrate SonarCloud crypto findings as an integration test

  • Integrate SonarCloud coverage results as integration test: block on decreases in code coverage, provide exception process

  • PoC Service Mesh

ongoing

Slide to be updated and shared with Alla.

 

Service Mesh PoC status update

New release of Kubernetes to be integrated. Some issue with Envoy.

 

 

 

SonarCloud crypto takeaways

Weak crypto report from SonarCloud. Jiras to be opened. How to get a report via the API is still to be figured out. 5 categories of findings: certificate validation, host name of certificate, using secure mode and padding, using weak protocols, encoding passwords as plain text.

 

 

 

Logs management – what to do next?

We will come back to this topic during the next meeting (on February 9th).

 

 

 

OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 9th OF FEBRUARY'21. 

 

 

 

Recording:

 

 

SECCOM presentation: