2021-03-30 Security Subcommittee Meeting Notes
- Paweł Pawlak
Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 30th of March 2021.
Jira No | Summary | Description | Status | Solution |
|---|---|---|---|---|
| Last TSC update | CNF Task Force meeting moved to 31st of March, US governement support may help increasing open source „apps 5G”. https://zoom.us/j/219945081?pwd=ZEN3U3daem9oMGJuZ3BXZExCdldkUT09 | ogoing | SECCOM representatives will join this session with US military on open source secure software development for 5G. |
| Slide deck for new Global Requirements |  For CII Badging ongoing conversation for mainained/unmaintained projects at passing level. Infrastructure related question (hardening of the site) for gold level - all our projects set unmet - LF would have to handle. Private vulnerability reports. Cultural change - possibility to add new people to project. Statement coverage at 90% and test branch coverage at 80%. Couple of questions that are project level that should be met - example 2 people's review. We are actively involved with David Wheeler to simplify CII badging answers by automation. | ongoing | To be presented at the incoming TSC meeting - slot in the agenda to be booked.. LoE = Level of Effort for packages upgrades to be collected from projects which succeeded in their efforts.
Tony to be added to private vulnerability reports. To further discuss within SECCOM Tony's findings. |
| Training for SonarCloud | Scoping meeting on Thursday at 5:30 CEST. | ongoing |
|
| Last PTL meeting | Discussion on change coming from project after the deadline on RC0/RC1 milestone. |
|
|
| Last TSC meeting | Presentation about ONAP & O-RAN, usage of MVP of ONAP. | ongoing | Slot to be booked for the next TSC meeting for moving best practices to global requirements |
| Certificates issues (expiring) | Raised by Turkish company (Urlak?) that works with ONAP for 3 years already in 5G context. | ongoing | OOM team to be contacted - they meet on Wednesdays. |
| Logging management follow-up | To be checked the status whther Stdout usage for logging was voted as Best Practice. Fabian created 3 tickets to SDC. FluentD to be used to export logs. | ongoing | To be check the status with David McBride. |
| Voting process for LFN Board candidates | PLease use your voting rights to support our Colleagues - e-mail from Casey: Amy, Krzysztof and Martial. | ongoing |
|
| Comments for logs | In 2 weeks to review Fabian's comments. | ongoing |
|
| Automating in CII Badging | Contributions are welcome - please contact Tony. Python skills would be needed or any equivalent. | ongoing |
|
| OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 6th OF APRIL'21. |
|
|
|
Recording:
SECCOM presentation:
