#acumos-meeting: Acumos TSC Security Committee
Meeting started by bryan_att at 14:03:09 UTC (full logs).
Meeting summary
- Agenda (bryan_att, 14:18:53)
- Standing agenda minus S-V (in progress) (bryan_att, 14:19:09)
- Manoop: CI best practices: https://bestpractices.coreinfrastructure.org (bryan_att, 14:20:11)
- https://wiki.acumos.org/display/REL/Security+Vulnerability+Threat+Template (talasila, 14:21:53)
- Manoop: security checklist (bryan_att, 14:22:03)
- https://jira.acumos.org/browse/ACUMOS-1094 (talasila, 14:24:47)
- Nexus-IQ produces a report that will be reviewed by the PTLs and (1) any issues corrected; (2) any false positives explained and removed from future reports (bryan_att, 14:29:30)
- Bryan: we should investigate using Nexus-IQ for model scanning (bryan_att, 14:30:27)
- Bryan: the Nexus-IQ tool does seem to address the goals for the project scanning; we need to work with PTLs to get them familiar and addressing the issues (bryan_att, 14:41:00)
- In the meantime we will review (on these calls) the items for core components and provide input to the PTL on this call - we will invite the PTLs to meetings planned to review their components (bryan_att, 14:42:21)
- To start with CDS and portal, then onboarding and design studio; then we will have a working process and tackle the rest (bryan_att, 14:43:08)
- Manoop: we will come up with a plan for this release and following as needed (bryan_att, 14:44:34)
- We will list the items at a high level and address details offline (bryan_att, 14:45:48)
- Present: Bryan, Farheen, Guy, Manoop, Nat (bryan_att, 14:47:48)
- Bryan: for deployment hardening we should consider whether more customized microservice kernels, à la what can be built using linuxkit, will provide any security or other advantages (e.g. efficiency, in terms of container size or resources when running). (bryan_att, 14:56:52)
- Guy: size-savings may be limited as much of the end-size of a container is the ML libraries/tools that are loaded during container generation (bryan_att, 14:57:45)
- Next meeting we will put CDS and Portal Nexus-IQ report discussion as the primary agenda items (bryan_att, 15:00:09)
Meeting ended at 15:00:52 UTC (full logs).
Action items
- (none)
People present (lines said)
- bryan_att (17)
- talasila (4)
- collabot (3)
Generated by MeetBot 0.1.4.