Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 9th of February 2021.
| Jira No | Summary | Description | Status | Solution |
|---|---|---|---|---|
| LFN event | 2 presentations provided:
Anuket project – Samuli – security tools for CNF. | done | Slides on SECCOM requirements to be presented at the next Requirements Subcommittee meeting on Monday February 15th. POM file version to be provided to PTLs. Exception process with deadline before RC0. | |
| ONAP Log security management | Fabian shared his presentation: 2 types of basic image hardening. It was done by Morgan. PoCs with SPC (brand news project) and Policy (project which already took efforts to integrate with logging) proposed to move forward. | ongoing | Next steps Deploy logging architecture Analyze events linked to threats | |
| Instambul SECCOM requirements |
| ongoing | Slide to be updated and shared with Alla. | |
| Service Mesh PoC status update | New release of Kubernetes to be integrated. Some issue with Envoy. | |||
Sonarcloud crypto takeaways | Weak crypto report from Sonarcloud. Jiras to be opened. How to get a report with API to be figured out. 5 cathegories of findings: certificate validation, host name of certificate, using secure mode and padding, using weak protocols, encoding passwords as plain text. | |||
Logs management – what to do next? | We come back to this topic during next meeting (in February 9th) | |||
| OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 16th OF FEBRUARY'21. |
Recording:
SECCOM presentation: