====== Please help move this page ======

  * NOTE: Meeting info pages for each project should be moved to the ''[[/meetings/|https://wiki.opnfv.org/meetings/]]'' folder.
  * Do not place meeting related pages under the ''/wiki'' or ''/project-name'' folders.
  * To move your page you should create a new page and update this one with a note stating it has been moved.
  * The IRC channel for meetings is #opnfv-meetings. Each project should still use their own IRC channel for daily project communications, but during a meeting it's important to share the main channel. This helps ensure meetings stop and start on time.

----

====== Security Group 18/02/2015 ======

**Attendees:**

  * Luke Hinds (Nokia) - chaired
  * Mike Bursell (Intel)
  * Mike Camel (Intel)
  * Kapil Sood (Intel)
  * Marcel Winandy (Huawei)
  * Manuel Rebellon (Sandvine)

**Agenda**

  * Agree last minutes
  * Agenda Bashing
  * Update on TSC decision to agree on the Security Group
  * Review and Agree on Proposal
  * Any other business

**Minutes**

  * Agreed last minutes
  * Agreed on Agenda
  * Scope discussion (below)

**Scope discussion**

  * For the **mailing list** we agreed we will remain on opnfv-tech-discuss and use subject tag [opnfv-sec], until the mail volume is sufficient to justify the need for a dedicated list.
  * We agreed we will establish an **advisory / vulnerability handling** process.
  * We agreed we need to **interwork with other security groups** - other members should ideally be present on all upstream groups.
  * We agreed on **Security Guidelines**, whereby we develop / reference existing documentation on security best practices around installation & configuration. We will remove governance and risk assessment frameworks from the scope.
  * We agreed on **Internal OPNFV Security Best Practices**. This will cover two areas: internal security policies such as password complexity, encryption etc., and secure coding guidelines for OPNFV projects.
  * We agreed on **Security Change Reviews (gerrit)**.
  * We agreed on **Research and Development**, with emphasis on ensuring we support the spawning of sub-projects.

**Actions**

  * Luke to amend the proposal and send out to the list.
  * Luke to clarify with TSC over group status. Do we still need to go for approval, and will sub-projects need to go via TSC for approval, or would the security group have autonomy?
  * Investigate more GoToMeeting phone numbers for the US.
  * Mike Bursell to discuss with ETSI board(?): how will liaison / communications with ETSI be aligned?

**Meeting Etherpads**

  * https://etherpad.opnfv.org/p/opnfv-sec-meetings # Agenda
  * https://etherpad.opnfv.org/p/opnfv-sec # Initial project scope

**MeetBot Logs**

  * Minutes: http://ircbot.wl.linuxfoundation.org/meetings/opnfv-meeting/2015/opnfv-meeting.2015-02-18-13.55.html
  * Minutes (text): http://ircbot.wl.linuxfoundation.org/meetings/opnfv-meeting/2015/opnfv-meeting.2015-02-18-13.55.txt
  * Log: http://ircbot.wl.linuxfoundation.org/meetings/opnfv-meeting/2015/opnfv-meeting.2015-02-18-13.55.log.html