====== Security Group 04/03/2015 ======

**Attendees:**

  * Luke Hinds (Nokia) - Chaired
  * Marcel Winandy (Huawei)
  * Mike Bursell (Intel)
  * Please note: to be marked as attended, add your name to the meeting etherpad https://etherpad.opnfv.org/p/opnfv-sec-meetings

**Agenda**

  * Agenda Bashing
  * Agree Last Minutes
  * Review Work Items
  * Vulnerability Management - Luke
  * Gerrit Code Review - Juan
  * Project Lead / Members Elections
  * New channel #opnfv-security
  * Any other business

**Minutes**

  * **Agreed agenda**
  * **Agreed last meeting's minutes**
  * **Draft proposal for OPNFV Security Vulnerability Management**
    * https://wiki.openstack.org/wiki/Vulnerability_Management
    * We discussed the existing OpenStack VMC Security Committee Vulnerability process
    * We will have a similar process for OPNFV-developed code
    * It is also important to have a known method to get security issues we find sent upstream
    * Most of the “code” we generate is glue to script the installation, configuration, and testing of other upstream components; it follows that we won’t be creating very many binary artifacts that might have vulnerabilities
    * There may be some binary artifacts from code we create, such as a vloop VM image or other VNF just for OPNFV project use
    * Scripts could introduce security issues (configurations)
    * ACTION: to consider how we will interact (tool-wise) with upstream groups (hinds)
    * Expected time for fix should be added (Mike)
    * ACTION: Luke to continue to refine the OSVM and consider the points made about interactions and contingencies towards upstream projects
  * **Gerrit Code Review - Deferred to later meeting**
  * **Project Lead / Members Elections**
    * ACTION: Luke to draw up rough draft of a role / org structure for the security group
    * AGREED: Mike suggested that we defer elections of any sort to when more people attend
    * Having some type of senior members to ensure quality contributions are accepted
  * **Change IRC to opnfv-sec**
    * AGREED: we will use the new IRC channel called #opnfv-sec
  * **Any other business**
    * Etherpads are available for each work item and can be used to reference materials relevant to the particular work item. They can be found under each work item's wiki page

**Meeting Etherpads**

  * https://etherpad.opnfv.org/p/opnfv-sec-meetings # Agenda

**Meetbot Log**

  * http://ircbot.wl.linuxfoundation.org/meetings/opnfv-meeting/2015/opnfv-meeting.2015-03-04-13.55.html