Security Group 25/03/2015

Attendees:

• Luke Hinds (Nokia) - Chaired
• Marcel Winandy (Huawei)
• Juan Antonio Osorio Robles (Ericsson)
• Ari Pietikäinen (Ericsson)
• Brian Smith (Bell Canada)
• Bryan Sullivan (AT&T)
• Ashutosh Dutta (AT&T)

• please note, to be marked as attended, add your name to the meeting etherpad https://etherpad.opnfv.org/p/opnfv-sec-meetings

Agenda

• Agenda Bashing
• Agree Last Minutes
• Review Work Items
• Vulnerbility Management - Luke
• Internal Security Polices - Marcel
• Gerrit Code Review - Juan
• Any other business

Minutes

• Agreed agenda
• Agreed last meetings minutes
• OPNFV Security Vulnerability Management
  • Luke updated that he is still working on the 'in the wild' process.
  • He has the opnfv added as stakeholders to the OpenStack VMT process
  • The list will be changed to osvm@lists.opnfv.org
• Internal Security Policies
  • Marcel provided an overview and feedback was provided.
  • Marcel will continue to develop the internal process, but asked for help if available.
• Gerrit Code Review
  • Juan is going to request 'security@lists.opnfv.com for the gerrit reviews'
• Ashutosh showed an interest in attestation as a research item
• OSVM Members
  • Luke requested that members nominate themselves for OSVM. We should try for 3 members, and one TSC member.
• Iben will get the tools set up (jira / git)
  • Luke will peform intial commits to create repository
  • Iben will also help with getting the osvm 'security report' function in place.
• Luke mentioned the moon project proposal

Meeting Etherpads

• https://etherpad.opnfv.org/p/opnfv-sec-meetings # Agenda

Meetbot Log

• http://ircbot.wl.linuxfoundation.org/meetings/opnfv-sec/2015/opnfv-sec.2015-03-25-14.01.txt