============================================== #acumos-meeting: Acumos TSC Security Committee ============================================== Meeting started by bryan_att at 14:06:41 UTC. The full logs are available at http://ircbot.wl.linuxfoundation.org/meetings/acumos-meeting/2018/acumos-meeting.2018-07-03-14.06.log.html . Meeting summary --------------- * Bryan Sullivan (bryan_att, 14:06:48) * Roll Call (bryan_att, 14:06:58) * present: Bryan, Aimee (bryan_att, 14:09:03) * #link https://wiki.acumos.org/display/CS/Tool+Comparison (aimeeu, 14:10:42) * Strawman proposal (WIP) for security-verification (new name for validation-security) is at https://etherpad.acumos.org/p/security-verification (bryan_att, 14:11:44) * Security-Verification is on the path to having design docs and impacts e.g. to CDS id'd in the sprint 1 (by two weeks from now). (bryan_att, 14:22:50) * Project code security-verification we are looking at using the Anteater project from OPNFV. (bryan_att, 14:23:27) * #link https://github.com/anteater/anteater (aimeeu, 14:23:53) * This will benefit from cross-LF collaboration via the lf-releng list (bryan_att, 14:23:58) * Also we will publish guidelines for projects/PTLs as the the rollout and impacts to their processes. (bryan_att, 14:24:51) * Re platform security/hardening, we will need specific resources to help assess platform security weaknesses and propose remediations. Until we have these, that epic area may be at risk for this release. (bryan_att, 14:26:18) * #link https://github.com/opnfv/releng/tree/master/jjb/ci_gate_security example of how Anteater has been implemented in OPNFV gating process (aimeeu, 14:26:52) * Bryan will send out a note to the list on whether the timing of these calls needs updating to promote more attendance, etc, in order to grow community support. (bryan_att, 14:27:50) Meeting ended at 14:28:45 UTC. People present (lines said) --------------------------- * bryan_att (12) * aimeeu (4) * collabot` (3) Generated by `MeetBot`_ 0.1.4