14:06:41 <bryan_att> #startmeeting Acumos TSC Security Committee 14:06:41 <collabot`> Meeting started Tue Jul 3 14:06:41 2018 UTC. The chair is bryan_att. Information about MeetBot at http://wiki.debian.org/MeetBot. 14:06:41 <collabot`> Useful Commands: #action #agreed #help #info #idea #link #topic. 14:06:41 <collabot`> The meeting name has been set to 'acumos_tsc_security_committee' 14:06:48 <bryan_att> #info Bryan Sullivan 14:06:58 <bryan_att> #topic Roll Call 14:09:03 <bryan_att> #info present: Bryan, Aimee 14:10:42 <aimeeu> #info #link https://wiki.acumos.org/display/CS/Tool+Comparison 14:11:00 <aimeeu> Tool comparison for security scanning and license scanning 14:11:44 <bryan_att> #info Strawman proposal (WIP) for security-verification (new name for validation-security) is at https://etherpad.acumos.org/p/security-verification 14:22:50 <bryan_att> #info Security-Verification is on the path to having design docs and impacts e.g. to CDS id'd in the sprint 1 (by two weeks from now). 14:23:27 <bryan_att> #info Project code security-verification we are looking at using the Anteater project from OPNFV. 14:23:53 <aimeeu> #info #link https://github.com/anteater/anteater 14:23:58 <bryan_att> #info This will benefit from cross-LF collaboration via the lf-releng list 14:24:51 <bryan_att> #info Also we will publish guidelines for projects/PTLs as the the rollout and impacts to their processes. 14:26:18 <bryan_att> #info Re platform security/hardening, we will need specific resources to help assess platform security weaknesses and propose remediations. Until we have these, that epic area may be at risk for this release. 14:26:52 <aimeeu> #info #link https://github.com/opnfv/releng/tree/master/jjb/ci_gate_security example of how Anteater has been implemented in OPNFV gating process 14:27:50 <bryan_att> #info Bryan will send out a note to the list on whether the timing of these calls needs updating to promote more attendance, etc, in order to grow community support. 14:28:45 <bryan_att> #endmeeting