2023-01-31 Security Subcommittee Meeting Notes

Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 31st of January 2023.

Jira No

Summary

Description

Status

Solution




Logging security discussion by Byung

Node vs. pod level logging update: pod logs are visible but not yet with content; Kyverno is used for policy management.

Meeting with Justin and Maggie scheduled later today by Byung.

ongoing

Next week conclusion expected.





CPS Security review questionnaire by Tony

Slot for a meeting with CPS team still under setup.

ongoing





Security issues raised by External researchers

  • IT-24999 Security Issue - Sensitive information leakage – Fiachra was contacted, still waiting for his feedback

ongoing





Upcoming D&TF 

Please register!

-SECCOM proposals (TBD): https://wiki.lfnetworking.org/display/LN/2023-02+LFN+Developer+Event+Topics+February#id-202302LFNDeveloperEventTopicsFebruary-ONAPTopics 

ongoing





Python PoC by Bob

Environment for testing is available

ORAN SC is actively using Pylog; libraries are under testing.

ongoing

Work in progress. Fiachra still to be contacted.



TSC meeting (26th January)

Architecture Subcommittee shared London status: niorttech.net







PTL meeting (30th January)

Review of Release Management tasks – started

  • Looks like there is overlap between Architecture Subcommittee and PTLs tasks.







Unmaintained projects update

Jira tickets to be issued for repos (34!) where no changes were made in the last 12 months.

ongoing





Adoption of security practices

TAC meeting will be addressing it on Wednesday.

  • SBOMs autogeneration

  • signing artifacts - Maven central does not support Sigstore - to be elaborated

  • ORAN Alliance has some signing recommendations already



NTIA recommendation on integrity protections on SBOMs to be reviewed by Amy



NSA has just joined ORAN Alliance.

Security logging support by Bob for AI/ML - 25 use cases proposed.







SECCOM MEETING CALL WILL BE HELD ON 7th February 2023.

Node vs. pod level logging update by Byung.

CPS Security review questionnaire by Tony.









Recordings: 

2023-01-31_SECCOM_week.mp4



SECCOM presentation:

2023-01-31 ONAP Security Meeting - AgendaAndMinutes.pptx