This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
security [2015/10/21 13:16] Sona Sarmadi [OPNFV eco-system] |
security [2016/03/23 13:51] (current) Luke Hinds |
||
---|---|---|---|
Line 11: | Line 11: | ||
List of some major components in OPNFV eco-system and link to the security advisory, CVE-list, etc. | List of some major components in OPNFV eco-system and link to the security advisory, CVE-list, etc. | ||
* [[Virtualization|Virtualization]] | * [[Virtualization|Virtualization]] | ||
- | * [[Virtualization-networking|Virtualization networking]] | + | * [[Virtualization-networking|Network Virtualization]] |
- | * [[SDN-Controller-framework|Software Defined Networking/OpenDayLight]] | + | * [[SDN-Controller-framework|SDN Controller framework]] |
* [[Automation-and-Virtualized-Infrastructure-Manager|OpenStack]] | * [[Automation-and-Virtualized-Infrastructure-Manager|OpenStack]] | ||
* [[Virtual-Storage|Virtual Storage]] | * [[Virtual-Storage|Virtual Storage]] | ||
- | |||
- | |||
- | |||
- | |||
- | |||
- | |||
Line 27: | Line 21: | ||
**Project Creation Date:** Jan 22, 2015 \\ | **Project Creation Date:** Jan 22, 2015 \\ | ||
**Lifecycle State:** Approved \\ | **Lifecycle State:** Approved \\ | ||
- | **Project Lead:**[[luke.hinds@nokia.com|Luke Hinds (Nokia)]] \\ | + | **Project Lead:**[[lhinds@redhat.com|Luke Hinds (Red Hat)]] \\ |
**Jira Project Name:** OPNFV Security group \\ | **Jira Project Name:** OPNFV Security group \\ | ||
**Jira Project Prefix:** opnfv-sec \\ | **Jira Project Prefix:** opnfv-sec \\ | ||
===== Members ===== | ===== Members ===== | ||
- | * [[luke.hinds@nokia.com|Luke Hinds (Nokia)]] | + | * [[luke.hinds@nokia.com|Luke Hinds (Red Hat)]] |
- | * [[juan.osorio.robles@ericsson.com|Juan Antonio Osorio Robles (Ericsson)]] or jaosorior in IRC | + | |
* [[marcel.winandy@huawei.com|Marcel Winandy (Huawei)]] | * [[marcel.winandy@huawei.com|Marcel Winandy (Huawei)]] | ||
* [[ari.pietikainen@ericsson.com|Ari Pietikäinen (Ericsson)]] | * [[ari.pietikainen@ericsson.com|Ari Pietikäinen (Ericsson)]] | ||
Line 41: | Line 34: | ||
===== OPNFV Security Group Processes ===== | ===== OPNFV Security Group Processes ===== | ||
- | [[security:osvm|OPNFV Security Vulnerability Management (OSVM)]] | + | **[[security:osvm|OPNFV Security Vulnerability Management (OSVM)]]** |
- | [[security:securecode|Secure Coding Guidelines]] | + | **[[security:securecode|Secure Coding Guidelines]]** |
===== Security Projects ===== | ===== Security Projects ===== | ||
Line 49: | Line 42: | ||
**The OPNFV platform hosts the following security projects** | **The OPNFV platform hosts the following security projects** | ||
- | + | **[[requirements_projects:inspector|Inspector]]** | |
- | [[requirements_projects:inspector|Inspector]] | + | |
Ensure the existing Audit framework for the critical components in OPNFV are extensive enough and compliant to industry standards and foreseeable business use cases. | Ensure the existing Audit framework for the critical components in OPNFV are extensive enough and compliant to industry standards and foreseeable business use cases. | ||
- | **Oher security projects within the OP**NFV | + | **[[security:opnfv-security-guide|OPNFV Security Guide]]** |
+ | |||
+ | Guide to securing the OPNFV platform. | ||
+ | |||
+ | **Other security projects within the OPNFV** | ||
[[:moon|Moon]] | [[:moon|Moon]] | ||
Line 85: | Line 81: | ||
[[meetings:security|Meeting Info & Log]] | [[meetings:security|Meeting Info & Log]] | ||
+ | |||
+ | ====== Security Related News/blogs ====== | ||
+ | |||
+ | |||
+ | * [[http://www.etsi.org/news-events/news/1015-2015-10-news-etsi-nfv-isg-publishes-security-and-reliability-specifications?highlight=YTozOntpOjA7czozOiJuZnYiO2k6MTtzOjg6InNlY3VyaXR5IjtpOjI7czoxMjoibmZ2IHNlY3VyaXR5Ijt9|ETSI released three more specs relevant for security]] | ||
+ | * [[http://www.cisecurity.org/critical-controls.cfm|CIS published update on their security guidance]] | ||
+ | * [[http://venturebeat.com/2015/10/07/amazon-launches-inspector-a-tool-that-automatically-finds-security-compliance-issues/|Amazon launches Inspector, a tool that automatically finds security and compliance issues]] | ||
+ | * [[http://venturebeat.com/2015/10/07/google-launches-its-cloud-platform-security-scanner-out-of-beta-minutes-after-amazon-announced-inspector/|Google launches its Cloud Platform Security Scanner ..]] | ||
+ | * [[https://dzone.com/articles/aws-deployment-with-security-monkey|AWS Deployment With Security_monkey]] | ||
+ | * [[http://news.netcraft.com/archives/2015/10/12/certificate-authorities-issue-hundreds-of-deceptive-ssl-certificates-to-fraudsters.html|Certificate authorities issue SSL certificates to fraudsters]] | ||
+ | * [[http://www.networkworld.com/article/2992503/security/sans-20-critical-security-controls-you-need-to-add.html|SANS: 20 critical security controls you need to add]] | ||
+ | * [[https://weakdh.org/imperfect-forward-secrecy-ccs15.pdf|How Diffie-Hellman Fails in Practice]] |