You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 9th of February 2021.

Jira No
SummaryDescriptionStatusSolution

Honolulu SECCOM requirements

Slides prepared and reviewed by Amy:


Common logs management turned into PoC.

ongoingTo be presented at the LFN event within Requirements Subcommitee review.

Instambul SECCOM requirements
  • Packages upgrades
  • CII Badging - crypto verification private and implement secure design
  • PoC Security documentation and assurance cases:with DCAE and CPS
  • Integrate SonarCloud crypto findings as an integration test
  • Integrate SonarCloud coverage results as integration test: block on decreases in code coverage, provide exception process
  • PoC Service Mesh
ongoingSlide to be updated and shared with Alla.

Service Mesh PoC status updateNew release of Kubernetes to be integrated. Some issue with Envoy.


Sonarcloud crypto takeaways

Weak crypto report from Sonarcloud. Jiras to be opened. How to get a report with API to be figured out. 5 cathegories of findings: certificate validation, host name of certificate, using secure mode and padding, using weak protocols, encoding passwords as plain text.  




Logs management – what to do next?

We come back to this topic during next meeting (in February 9th)




OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 16th OF FEBRUARY'21. 




Recording:


SECCOM presentation:




  • No labels