...
Each ONAP component needs to meet code security practices and certifications that are defined by SECCOM. There would be no direct impact for ONAP Streamlining; i.e., business is as usual.
Additional analysis will be provided as needed.
ONAP SECCOM Roles
The following lists ONAP SECCOM roles and duties:
- Provide global requirements and best practices and audit tests - example: require secure code
- Provide secure reference implementation and documentation - example: logging, service mesh, external security with authentication and authorization
- Prioritize vulnerability fixes
- prioritize secure enhancements
- Proposal: ONAP projects work with latest version of common components such as Istio, KeyCloak, Kafka, Ingress...
ONAP Component Logging Analysis
...