meetings:security:04032015
Security Group 04/03/2015
Attendees:
Agenda
Agenda Bashing
Agree Last Minutes
Review Work Items
Vulnerbility Management - Luke
Gerrit Code Review - Juan
Project Lead / Members Elections
New channel #opnfv-security
Any other business
Minutes
Agreed agenda
Agreed last meetings minutes
Draft proposal for OPNFV Security Vulnerability Management
-
We discussed the existing openstack VMC Security Committee Vulnerability process
We will have a similar process for OPNFV developed code
It is also important to have a known method to get security issues we find sent upstream-ed
Most of our “code” we generate is glue to script the installation, configuration, and testing of other upstream components <— what follows is that we won’t be creating very many binary artifacts that might have vulnerabilities
There may be some binary artifacts from code we create such as a vloop vm image or other vnf just for OPNFV project use
Scripts could introduce security issues (configurations)
ACTION: to consider how we will interact (tool wise) with upstrean groups (hinds)
expected time for fix should be added (Mike)
ACTION: Luke to continue to refine the OSVM and consider the points made about interactions and contingencies towards upstream projects
Gerrit Code Review - Deferred to later meeting
Project Lead / Members Elections
ACTION: Luke to draw up rough draft of a role / org structure for the security group
AGREED: Mike suggested that we defer elections of any sort to when more people attend
Having some type of senior members to insure quality contributions are accepted
Change irc to opnfv-sec
Any other business
Meeting Etherpads
Meetbot Log
meetings/security/04032015.txt · Last modified: 2015/03/18 13:52 by Luke Hinds