Please help move this page

NOTE: Meeting info pages for each project should be moved to the https://wiki.opnfv.org/meetings/ folder.
Do not place meeting related pages under the /wiki or /project-name folders.
To move your page you should create a new page and update this one with a note stating it has been moved.
The IRC channel for meetings is #opnfv-meetings. Each project should still use their own IRC channel for daily project communications but during a meeting it's important to share the main channel. This helps ensure meetings stop and start on time.

Security Group 18/02/2015

Attendees:

Agenda

Minutes

Scope discussion

For the mailing list we agreed we will remain on opnfv-tech-discuss and use subject tag [opnfv-sec], until the mail volume is sufficient to justify the need for a dedicated list.
We agreed we will establish an advisory / vulnerability handling process
We agreed we need to interwork with other security groups - other members should ideally be present on all upstream groups
We agreed on Security Guidelines, whereby we develop / reference existing documentation on security best practices around installation & configuration. We will remove governance and risk assessment frameworks from the scope.
We agreed on Internal OPNFV Security Best Practices. This will cover two areas; Internal Security polices such as password complexity, encryption etc. The other area will be to establish secure coding guidelines for opnfv projects.
We agreed Security Change Reviews (gerrit)
We agreed Research and Development and emphasis was made on ensuring we support the spawning of sub-projects.

Actions

Luke to amend the proposal and send out to the list.
Luke to clarify with TSC over group status. Do we still need to go for approval, and will sub projects need to go via TSC for approval, or would the security group have autonomy?
Investigate if more gotomeeting phone numbers for US.
Mike Bursell to discuss with ETSI board(?), how will liaison / communications with ETSI be aligned?

Meeting Etherpads

MeetBot Logs