Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 5th of April 2022.

Jira No
SummaryDescriptionStatusSolution

Issue raised with SECCOM by Kohei - About Critical Information Leak

Ticket to be open to SDNC – last message to SECCOM on token and logins/passwords.

started

Ticket to be opened to SDNC:  https://jira.onap.org/browse/SDNC-1691 - done

Confirmation e-mail to be sent to Kohei - done


CPS gold badge 

2 tickets created at LFN IT:

  • IT-23828 2FA (2 Factor Authentication) needed for merging to Gerrit in ONAP
  • IT-23829 Hardening LFN hosted ONAP project web sites
started

Istanbul Maintenance Release Notes

https://jira.onap.org/browse/CCSDK-3602malformed table, needs to be fixed!

https://jira.onap.org/browse/SDNC-1670 AAF transitive dependency

ongoing

PTLs meeting on April 4th
  • Istanbul Maintenance Release (log 4j mitigation) - All documented Jira issues resolved.  Release is completed.
  • Unmaintained project discussion
  • New GUI project as Portal alternative
ongoingWe shall provide SECCOM proposal/ recommendation for unmaintained projects to TSC, synch up with Architecture Subcommittee is needed, Byung will check with Chaker. Amy to draft proposal by end of this week and send to SECCOM distribution list.

TSC meeting on March 31st:

ongoing

SBOM status update

Vijay turned flag on. To be followed up with Jess. SBOM for Python?

Fabin is using Trivy with CycloneDX format. No option for SPDX.

ongoingTony to re-share the e-mail.

Updates to Secure Design Questionnaire - Maggie

No additional comments. 

ongoing

Action from one of the last meetings: Muddasar will prepare grade rate assessment proposal.


Security logging update – Bob

PoC phase, communication with Toine. Synch with Byung needed.

ongoingBob to contact Byung.

Linux Security Summit - CFP
  • Linux Security Summit, happening June 23-24 in Austin, Texas + Virtual!
    Don't delay - submissions are due Wednesday, March 30. View suggested topics, learn more and submit here https://events.linuxfoundation.org/linux-security-summit-north-america/program/cfp/
  • We plan to submit with Amy presentation proposal for Global Security Vulnerability Summit - submitted
  • Tony’s proposal for Security principles in the implementation - submitted
ongoing

SBOM visibility to be created in the deck - consultancy with Muddasar is planned.


Next ONAP F2F

https://events.linuxfoundation.org/lfn-developer-testing-forum/ - registration open

startedPlease consider your personal particiapation, so SECCOM team could meet again.

SECCOM MEETING CALL WILL BE HELD ON 12th OF April'22. 

Quality gates for code quality improvements - Fabian's presentation.

SonarCloud fixing with new code focus.






Recording: 


SECCOM presentation: