13:59:26 #startmeeting security group 13:59:26 Meeting started Wed May 20 13:59:26 2015 UTC. The chair is LukeHinds. Information about MeetBot at http://wiki.debian.org/MeetBot. 13:59:26 Useful Commands: #action #agreed #help #info #idea #link #topic. 13:59:26 The meeting name has been set to 'security_group' 13:59:47 #info will wait for more people. say hi if your alive 14:09:22 hello? 14:16:15 Hi Marcel 14:16:25 any other guys here? 14:16:35 #link https://etherpad.opnfv.org/p/opnfv-sec-meetings 14:17:37 probably all at OpenStack summit, I guess 14:18:13 very true 14:18:17 just remmeber tat 14:18:20 *that 14:18:26 might be a quiet meeting :) 14:18:45 I don't have much to update, do you? 14:19:10 no, was sick last week, and busy with other this week :( 14:19:44 but maybe have a question to you, and we can use the time here 14:24:18 If you look at #link https://etherpad.opnfv.org/p/int-sec-policies I have there section 2 linking to OSVM now, and section 3 linking to the Secure Coding Guidelines. In addition, I plan to have section 3 also some more general policies (like passwords, use virus-scanner if putting binaries in repos, etc.). Section 4 then is about more specific security 14:24:19 policies for developing OPNFV software. What do you think? Or is this too much overlap with secure coding guidelines? 14:29:13 i think thats a good idea 14:30:22 ok good 14:30:31 in the openstack security guide they have some guidelines that can be refereed to around passwords for API's etc 14:31:03 agree with you, no overlap with secure coding, as yours is more on enviroment security 14:34:36 So, there are two types of guidelines in general: a) like "validate your input" and b) "All REST APIs for VNFM should be encrypted". - just as some example. 14:34:53 While a) is clearly Secure Coding Guidelines. Where would you put b) ? 14:59:27 Security Infrastructure Guidelines 14:59:48 Or Platform Security Guidelines 15:00:05 OPNFV Platform Security Guidelines 15:02:15 ok, so that's then more another work item. 16:43:26 #endmeeting