2022-01-04 Security Subcommittee Meeting Notes

Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 4th of January 2022.

Jira No	Summary	Description	Status	Solution

Jira No

Summary

Description

Status

Solution

Log4j upgrade

Log4j 2.17.1 was released. It provides a fix for a vulnerability: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832

ongoing

For tracking purpose dedicated Jira tickets to be opened per project and per both releases.

SECCOM presentations for incoming DTF (January).

SECCOM topics and overall agenda proposal:

https://teamup.com/ksgw6qzqcmg9zbzsfq?view=MD&date=2022-1-10&calendars=8227292,8227785,8227782,8310707,8310614
ONAP Security: Jakarta Global Requirements and Best Practices
- Tuesday, 11th of January, 4:30 UTC
Unmaintained code handling and its impact on documentation (SECCOM + Documentation) - main session stream Amy/Pawel/Thomas/Eric – Topic
- Wednesday, 12th of January, 2:30 UTC
Code quality demo - main session stream – Fabian/Pawel/Kevin/Toine – Topic
- Tuesday, 11th of January, 3:30 UTC

Interproject proposals:

- - SBOMs ONAP story – Muddasar/Pawel Topic
  - Monday, 10th of January, 2:30 UTC

ongoing

SECCOM MEETING CALL WILL BE HELD ON 18th OF JANUARY'22.

Review - SECCOM presentations for DDF events.

Quality gates for code quality improvements - continuation of the discussion.

SBOM next steps - which repos/projects to take into account?

Recording:

SECCOM presentation: