Security Community Welcome Guide and way-of-working

Welcome to our small but vibrant ONAP security community.  We are a group of people with a common interest in ensuring that ONAP is secure and has the necessary security mechanisms.  We go by the name of SECCOM for short.

You are most welcome to contribute with any of your time or expertise, be it small or large, it will be appreciated.

A few things that are helpful to know:

• The ONAP security sub-committee is a sub-committee to the ONAP Technical Steering Committee.  That means that it is advisory by nature and reports into the TSC.  We happily work with recommendations that we share with the rest of the ONAP community and bring the necessary ones to the TSC for decision.
• We communicate via the SECCOM email list and our weekly meetings.
• We encourage you to join the SECCOM email list.  How to do so can be found here:  Mailing Lists .  You can also find other email lists that may be of interest to you there.
• We encourage you to join us at our weekly meetings.  These are on Wednesdays, and the time in your particular time zone can be found here:Community Meetings & Calendar .  There you can also find other meetings that maybe of interest to you.
• The overall ONAP security coordination structure can be found here: ONAP Security coordination.  You will see that we have a security sub-committee, and that's where we do all the general work.  There is also a vulnerability management sub-committee, which has a single purpose and that is to manage the vulnerability management process.  That is when someone identifies a vulnerability in ONAP, they can inform us and the vulnerability management sub-committee will manage it through the process.  That is a more closed group for reasons that are hopefully obvious, so don't worry about it for now.

A bit about how we work:

• We meet weekly in the SECCOM meetings.
  • The input and meeting notes can be found here: ONAP Security sub-committee meeting notes and input (prior to December 2018) 
  • The meeting notes are usually contained at the back of the meeting agenda slides. 
• We maintain a backlog in the SECCOM jira.  This can be found here:  https://jira.onap.org/projects/SECCOM/
  • Anyone is free to suggest a topic and we will prioritize in our weekly meetings (though we don't always have time, however generally new items will be brought up for discussion)
  • Let us know if a topic interests you and you want to drive it or be involved.
• In the sub-committee recommendations wiki:  Security Sub-Committee Recommendations there are two parts.  One part where we are developing our recommendations (ONAP Security Recommendation Development) and when we think they are ready, we move them to ONAP Security Best Practices.
• Sometimes, we have adhoc discussions on a particular point, or have a meeting series addressing a particular point outside of our regular meetings.  This is useful in order to progress topics.  When this happens, everyone is informed and invited to attend via the SECCOM mail list.

If you are new, why not introduce yourself and let us know a little about what your interests maybe by sending us an email to the seccom email list: onap-seccom@lists.onap.org