This is an old revision of the document!

Security Group 11/02/2015

Attendees:

Agenda

Minutes

Scope discussion

For the mailing linst we agreed we will remain on opnfv-tech-discuss and use subject tag [opnfv-sec], until the mail volume is sufficient to justify the need for a dedicated list.
We agreed we will establish an advisory / vulnerability handling process
We agreed we need to interwork with other security groups - other members should ideally be present on all upstream groups
We agreed on Security Guidelines, whereby we develop / reference existing documentation on security best practices around installation & configuration. We will remove governance and risk assessment frameworks from the scope.
We agreed on Internal OPNFV Security Best Practices. This will cover two areas; Internal Security polices such as password complexity, encryption etc. The other area will be to establish secure coding guidelines for opnfv projects.
We agreed Security Change Reviews (gerrit)
We agreed Research and Development and emphasis was made on insuring we support the spawning of sub-projects.

Actions

Luke to amend the proposal and send out to the list.
Luke to clarify with TSC over group status. Do we still need to go for approval, and will sub projects need to go via TSC for approval, or would the security group have autonomy?
Investigate if more gotomeeting phone numbers for US.
Mike Bursell to discuss with ETSI board(?), how will liaison / communications with ETSI be aligned?

MeetBot Logs

Wiki