2022-07-19 Security Subcommittee Meeting Notes

Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 19th of July 2022.

Jira No | Summary | Description | Status | Solution

Service Mesh presentation by Andreas Geissler 

Andreas presented 4 networking options. SECCOM recommended Option 3, with Istio and Sidecar, as the default.

ONAP "Networking" Options (>=Kohn)

ServiceMesh in Kohn...

started

Discussion with Byung to be continued during OOM meeting.

David Wheeler presentation on SBOM and digital signatures

Operationalization of OpenSSF recommendations is not an easy topic...

David's slides: https://docs.google.com/presentation/d/1BptlMG8kV14FutTMx3s9u4EnIL1Yzxt6-NID5H5XfAE/edit#slide=id.g13d496f372e_0_110

https://openssf.org/oss-security-mobilization-plan/

  • Identifies 3 goals, 10 streams to address those goals

SBOM is recommended to be part of the build process.

Package managers are a good first step. SPDX in SECCOM uses a package manager.

Dan Lorenc wrote an interesting paper on what is inside the container.

Next LFN events

ONE Summit NA Registration Open

  • CFP - Deadline: July 8th, 2022

  • Nov. 15 & 16 2022 Seattle, WA, USA

  • In Person

LFN Developer & Testing Forum NA Registration Open

  • Nov. 17 & 18 2022 Seattle, WA, USA

  • In Person

  • Securing software supply chain by LFN - new topic to be proposed

Proposals to be submitted.

The next SECCOM meeting call will be held on 26th of July '22.

Continuation of the logging implementation discussion.

Recording: 

SECCOM presentation: