Attendees:

• Luke Hinds (Nokia) - Chaired
• Marcel Winandy (Huawei)
• Mike Bursell (Intel)

• please note, to be marked as attended, add your name to the meeting etherpad https://etherpad.opnfv.org/p/opnfv-sec-meetings

Agenda

• Agenda Bashing
• Agree Last Minutes
• Review Work Items
• Vulnerbility Management - Luke
• Gerrit Code Review - Juan
• Project Lead / Members Elections
• New channel #opnfv-security
• Any other business

Minutes

• Agreed agenda
• Agreed last meetings minutes
• Draft proposal for OPNFV Security Vulnerability Management
  • https://wiki.openstack.org/wiki/Vulnerability_Management
  • We discussed the existing openstack VMC Security Committee Vulnerability process
  • We will have a similar process for OPNFV developed code
  • It is also important to have a known method to get security issues we find sent upstream-ed
  • Most of our “code” we generate is glue to script the installation, configuration, and testing of other upstream components <— what follows is that we won’t be creating very many binary artifacts that might have vulnerabilities
  • There may be some binary artifacts from code we create such as a vloop vm image or other vnf just for OPNFV project use
  • Scripts could introduce security issues (configurations)
  • ACTION: to consider how we will interact (tool wise) with upstrean groups (hinds)
  • expected time for fix should be added (Mike)
  • ACTION: Luke to continue to refine the OSVM and consider the points made about interactions and contingencies towards upstream projects
• Gerrit Code Review - Deferred to later meeting
• Project Lead / Members Elections
  • ACTION: Luke to draw up rough draft of a role / org structure for the security group
  • AGREED: Mike suggested that we defer elections of any sort to when more people attend
  • Having some type of senior members to insure quality contributions are accepted
• Change irc to opnfv-sec
  • AGREED: we will use the new irc channel called #opnfv-sec
• Any other business
  • etherpads available for each work item and can be used to reference materials relevant to the particular work item. can be found under each work items wiki page

Meeting Etherpads

• https://etherpad.opnfv.org/p/opnfv-sec-meetings # Agenda

Meetbot Log

• http://ircbot.wl.linuxfoundation.org/meetings/opnfv-meeting/2015/opnfv-meeting.2015-03-04-13.55.html