2022-04-26 Security Subcommittee Meeting Notes
Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 26th of April 2022.
Jira No | Summary | Description | Status | Solution |
---|---|---|---|---|
| Vulnerable package reportion automation | Presentation provided by Brianna and Bert. Great job (150 hours → 2 hours)! Safes a lot of manual work for us. Enhancements for the future:
| ongoing | import excel into confluence: |
| Event June 13th-16th Porto, Portugal Please register: https://events.linuxfoundation.org/lfn-developer-testing-forum/ | started |
| |
|
|
| started | Remaining topic proposals to be submitted. Brian to share what kind of security due diligence is performed by BellCanada. ONAP is used for 5G slicing orchestration. Fabian to check if could contribute on how qualify software to be deployed, what duediligence was performed.
|
| OSA documentation update per release | Thomas asked for a branch to be created for Jakarta | started | Pawel to |
| Last PTLs meeting – 25th of April |
1.SDC-3954 - open 2.SDNC-1692 - done 3.OOM-2957 – open – reassigned to Fiachra
1.OOM-2958 – open - reassigned to Fiachra 2.INT-2104 – in progress |
|
|
| logging PoC report | Ajay (Ericsson) is working on the connection between FluntBit and ElasticSearch. He is leaving Ericsson end of this week, so some of our OOM team members have key learning sessions with him. I told Ajay to check in his code. We plan to report our log PoC progress/demo to SECCOM sometime soon. That is the plan. | ongoing |
|
| SBOM: patch to add the path for VES | -Jess is trying to validate the procedure | ongoing | Muddasar to share e-mail that Vijay shared with Jess. |
| CPS gold badge | Dedicated meeting to be scheduled – 2 tickets created at LFN IT:
|
| Next focus on Nexus to get A grade. |
| LFN white paper 5G E2E security |
|
| |
| 5Y review | tp be presented on May 9th to PTLs. |
| slot to be booked for Tony at the PTLs meeting by Pawel. |
| OpenSSF intro by David Wheeler | Link to recording and slide deck: https://wiki.lfnetworking.org/display/LN/LFN+Security+Forum review for the near future – are our pipeline or processes optimal? | to be done |
|
| NIST 5G Cybersecurity draft document | started | to be addressed at the next SECCOM | |
| Kohn SECCOM Global Requirements | -[REQ-437 -> REQ-800 ] -> REQ-1067 -> REQ-1208 COMPLETION OF PYTHON LANGUAGE UPDATE (v2.7 → v3.8) -[REQ-438 -> REQ-801] -> REQ-1068 -> REQ-1209 COMPLETION OF JAVA LANGUAGE UPDATE (v8 → v11) -[REQ-439 -> REQ-863] -> REQ-1066 -> REQ-1211 CONTINUATION OF PACKAGES UPGRADES IN DIRECT DEPENDENCIES -[REQ-443] -> REQ-1069 -> REQ-1210 CONTINUATION OF CII BADGING SCORE IMPROVEMENTS FOR SILVER LEVEL | started | Logging requirment - target full PoC for Kohn and then Global Requirement for London release. |
| SECCOM MEETING CALL WILL BE HELD ON 3rd OF MAY'22. |
|
|
|
Recording:
SECCOM presentation: