| Time | Topic | Driver/Presenter | Description |
|---|---|---|---|
| 28 November | | | |
| 9:00 - 9:15 | Status of the Casablanca Priorities | Amy | Review the Casablanca security achievements |
| 9:15 - 10:00 | Outline Dublin Security Priorities | Amy | Create the Dublin security priorities draft to review with seccom and present to the TSC |
| 10:00 - 10:30 | Vulnerability Management Process Review (SECCOM-66) | Robert | Updates to the vulnerability management process |
| 10:30 - 10:45 | Break | | |
| 10:45 - 11:15 | Silver CII Badging | Amy | Determine the Silver requirements the projects need to focus on for Dublin and the requirements that are met by the overall ONAP processes |
| 11:15 - 12:00 | Relation between vulnerability reviews and release gates | Amy | Lessons learned from the Beijing and Casablanca reviews. Enumerate the vulnerability mitigation tasks for each milestone and release candidate. This will help the projects schedule package upgrades, replacements, and the development of compensating controls early in the release cycle. |
| 12:00 - 1:00 | Lunch | | |
| 1:00 - 1:45 | Vulnerability handling clarifications (SECCOM-74) | Amy | Create a simple workflow that will be used to explain the vulnerability remediation and documentation process to the PTLs |
| 1:45 - 2:30 (45 min) | API Security | Natacha | Review the ETSI API security recommendations and requirements |
| 2:30 - 2:45 | Break | | |
| 2:45 - 3:00 | Risk Assessment Review | Pawel/Samuli | Review the findings from the risk assessments. Discuss the questionnaire proposed by Robert to help identify risk in projects. |
| 3:00 - 4:00 | Risk Assessment Overall Plan | Pawel/Samuli | Define the scope of the risk assessment and the plan to complete the assessment. Focus on some selected areas of risk. |
| 4:00 - 4:15 | Break | | |
| 4:15 - 5:00 | Wrap up | | |
| 29 November | | | |
| 9:00 - 10:00 (1 hr) | ONAP Communication Security Requirements | Pawel | Review communication security between ONAP components and ensure that the transactions exchanged between the different components are secure (Authentication, Authorization, Confidentiality) |
| 10:00 - 10:30 (30 mins) | Security by design | TBD | What guidelines are required for projects and the milestones to place security first and foremost: project security documentation; project communication policy to OOM; overall ONAP security documentation; test cases; no XSS vulnerabilities in GUIs; input validation on all GUIs and APIs; test-driven development |
| 10:30 - 10:45 | Break | | |
| 10:45 - 11:15 | Security Guidelines | Zygmunt | Develop a plan to document the security of ONAP |
| 11:15 - 12:30 | Discussion and Review Action Items | Amy | Review the meeting; assign action items |
| 12:30 - 1:30 | Lunch | | |
| 1:30 - 4:00 | Backup if needed | | Additional discussions among participants still available |
