Presentation is loading. Please wait.

Presentation is loading. Please wait.

Topics Introduction Structure and way of working

Published byBrandon Crawford Modified over 6 years ago

Similar presentations

Presentation on theme: "Topics Introduction Structure and way of working"— Presentation transcript:

1 Security Subcommittee virtual developers event (September) ONAP security committee Stephen Terrill

2 Topics Introduction Structure and way of working
Vulnerability Management Ongoing CII Badging Feedback

3 Introduction ONAP security page: Security sub-committee Identifying proposed activities to help the ONAP community create secure system ONAP is creating a mission critical system Vulnerability Management The process for managing identified and reported vulnerabilities.

4 Vulnerability Management Procedures
Main information page Meeting Notes Agreed Best Practices Current work in motion Vulnerability Management Procedures

5 Vulnerability Management
Vulnerability management is the process to handle identified vulnerabilities Approved Vulnerability Management procedures: How to submit a vulnerability, acknowledge a vulnerability, and manage the process to conclusion including communication. Vulnerability management team (volunteers) are in place: Arul Nambi (ambocs), Amy Zwarico (AT&T), Oliver Spatsh (AT&T). Raun He (orange) Support from Stephen Terrill (Ericsson, security coordinator), David Jorm, Linux foundation (Phil, Andy, Kenny). Will follow a Case lead on a “step-up” approach on per case by case basis. Support team to step in to ensure nothing falls through. Security coordinator also to ensure that all is working ok. Note: The vulnerability management sub-committee cannot solve the vulnerabilities, but work with the teams to do so under embargo. Your support will be critical.

6 CII (core infrastructure initiative) badging program
CII (core infrastructure initiative) has been created by the linux foundation in response to previous security issues in open-source projects (Heartbleed in openSSL). The CII has created a badging program to recognize projects that follow a set of identifies best practices that could be adopted. There are three levels passing, silver and gold. The security sub-committee has looked at these and feels that given ONAP is managing core critical infrastructure, the ONAP projects should follow the gold level. This is a challenge! A stepwise introduction is proposed. CLAMP Feedback today

7 Work in progress Static Code Scans Credential management

8 CII Badging program feedback from CLAMP

9 ONAP, the Secure Open Networking Platform

Download ppt "Topics Introduction Structure and way of working"

Similar presentations

EPermits IT Subcommittee Meeting September 6, 2013.

EPermits IT Subcommittee Meeting September 6, 2013.
By Raymond Greenlaw United States Naval Academy, Annapolis, Maryland Chiang Mai University, Chiang Mai, Thailand Ray gratefully acknowledges partial support.

By Raymond Greenlaw United States Naval Academy, Annapolis, Maryland Chiang Mai University, Chiang Mai, Thailand Ray gratefully acknowledges partial support.
The topics addressed in this briefing include:

The topics addressed in this briefing include:
Improving Your Security Posture June 24, 2014 1 Managing Your Managed Security Service Provider Stephen Seljan, General Dynamics Fidelis.

Improving Your Security Posture June 24, Managing Your Managed Security Service Provider Stephen Seljan, General Dynamics Fidelis.
THE HR APPRENTICERICHMOND THE HR APPRENTICE RICHMOND Marvelous Membership Mavericks.

THE HR APPRENTICERICHMOND THE HR APPRENTICE RICHMOND Marvelous Membership Mavericks.
What if you suspect a security incident or software vulnerability? What if you suspect a security incident at your site? DON’T PANIC Immediately inform:

What if you suspect a security incident or software vulnerability? What if you suspect a security incident at your site? DON’T PANIC Immediately inform:
Monterey BAY AREA SELF INSURANCE AUTHORITY LOSS PREVENTION SUBCOMMITTEE 1 ST BOARD REPORT DECEMBER 14 TH, 2009.

Monterey BAY AREA SELF INSURANCE AUTHORITY LOSS PREVENTION SUBCOMMITTEE 1 ST BOARD REPORT DECEMBER 14 TH, 2009.
EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks GSVG issues handling Dr Linda Cornwall CCLRC.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks GSVG issues handling Dr Linda Cornwall CCLRC.
Muslim Professional Association Presentation to Advisory Council September 22, 2010.

Muslim Professional Association Presentation to Advisory Council September 22, 2010.
Grid Security Vulnerability Group Linda Cornwall, GDB, CERN 7 th September 2005

Grid Security Vulnerability Group Linda Cornwall, GDB, CERN 7 th September 2005
EECS 582 Projects Mosharaf Chowdhury EECS 582 – W1611/8/16.

EECS 582 Projects Mosharaf Chowdhury EECS 582 – W1611/8/16.
Security Policy: From EGEE to EGI David Kelsey (STFC-RAL) 21 Sep 2009 EGEE’09, Barcelona david.kelsey at stfc.ac.uk.

Security Policy: From EGEE to EGI David Kelsey (STFC-RAL) 21 Sep 2009 EGEE’09, Barcelona david.kelsey at stfc.ac.uk.
Here Today Here to Stay August 17, 2009. TJC’s Mission.

Here Today Here to Stay August 17, TJC’s Mission.
Cloud Security Session: Introduction 25 Sep 2014Cloud Security, Kelsey1 David Kelsey (STFC-RAL) EGI-Geant Symposium Amsterdam 25 Sep 2014.

Cloud Security Session: Introduction 25 Sep 2014Cloud Security, Kelsey1 David Kelsey (STFC-RAL) EGI-Geant Symposium Amsterdam 25 Sep 2014.
Getting Started. Objectives of Getting Started  To define the tasks FRG leaders need to conduct when assuming leadership of unit’s FRG ▫ Assessment ▫

Getting Started. Objectives of Getting Started  To define the tasks FRG leaders need to conduct when assuming leadership of unit’s FRG ▫ Assessment ▫
ONAP security meeting 2017-09-06.

ONAP security meeting
Ardmore Cradle to Career Partnership

Ardmore Cradle to Career Partnership
ONAP Policy Framework Weekly Meeting June 7, 2017

ONAP Policy Framework Weekly Meeting June 7, 2017
CII badging program for ONAP ONAP security committee Stephen Terrill

CII badging program for ONAP ONAP security committee Stephen Terrill
“Redefined Roles of Applied Dissertation Chairs & Members”

“Redefined Roles of Applied Dissertation Chairs & Members”

Similar presentations

Ads by Google