security:meetings:18022015
Please help move this page
Security Group 18/02/2015
Attendees:
Agenda
Minutes
Agreed last minutes
Agreed on Agenda
Scope discussion (below)
Scope discussion
For the mailing list we agreed we will remain on opnfv-tech-discuss and use subject tag [opnfv-sec], until the mail volume is sufficient to justify the need for a dedicated list.
We agreed we will establish an advisory / vulnerability handling process
We agreed we need to interwork with other security groups - other members should ideally be present on all upstream groups
We agreed on Security Guidelines, whereby we develop / reference existing documentation on security best practices around installation & configuration. We will remove governance and risk assessment frameworks from the scope.
We agreed on Internal OPNFV Security Best Practices. This will cover two areas; Internal Security polices such as password complexity, encryption etc. The other area will be to establish secure coding guidelines for opnfv projects.
We agreed Security Change Reviews (gerrit)
We agreed Research and Development and emphasis was made on ensuring we support the spawning of sub-projects.
Actions
Luke to amend the proposal and send out to the list.
Luke to clarify with TSC over group status. Do we still need to go for approval, and will sub projects need to go via TSC for approval, or would the security group have autonomy?
Investigate if more gotomeeting phone numbers for US.
Mike Bursell to discuss with ETSI board(?), how will liaison / communications with ETSI be aligned?
Meeting Etherpads
MeetBot Logs
security/meetings/18022015.txt · Last modified: 2015/02/25 15:49 by Luke Hinds