...

Identified Activity | Description | Status
Creation of a Vulnerability Response Team

Creation of Vulnerability Management Procedures and Team.

Done.  Activity Closed.

Identify an approach to manage and handle known vulnerabilities.  This is specific to the components or libraries that ONAP projects have brought in from external sources. 

Nexus IQ/Sonatype LCM has the ability to identify and display known vulnerabilities of used components.  These components ultimately become part of the ONAP release, and it is not desirable to release with known vulnerabilities.

A proposal needs to be created and brought to the TSC to address how to work through the known vulnerabilities and relate them to the project release plan.

Nexus IQ/Sonatype LCM is ready for use and the results can be made available.


Nex

Analyze and make recommendations to the CII badging program

https://github.com/linuxfoundation/cii-best-practices-badge  

This may identify good practices, which could include guidelines (consider: ensure least privilege by design). Consider how to bring code scanning into the integration processes.

Also look at:

Done.

The security subcommittee recommends a gold level.

Included in the S3P recommendations.

Create CII Badging program ONAP support guide.

As part of the S3P, a number of projects will go into the CII badging program.  A guide to help the projects on common ONAP project issues would be useful.

Identified

CII Badging program hackathon.

Organize a hands-on starter session with the CII Badging program for project members.

Identified

Identify primary relevant legislation and standards to be considered.

Identify the main security standards etc. that are related to regulatory requirements.  This would be for awareness.

 Static Vulnerability Scans.

Identify and propose a process for static vulnerability scans 

Information can be found on: https://wiki.onap.org/display/DW/ONAP+security+Recomendation+DevelopementDevelopment 

Started 
Credential Management 

 Proposed architecture and proposal for handling credentials in ONAP

Information can be found on: https://wiki.onap.org/display/DW/ONAP+security+Recomendation+DevelopementDevelopment 

 Started

Need to complete the requirements.

...