13:55:31 <LukeHinds> #startmeeting OPNFV Security Group
13:55:31 <collabot> Meeting started Wed Feb 18 13:55:31 2015 UTC.  The chair is LukeHinds. Information about MeetBot at http://wiki.debian.org/MeetBot.
13:55:31 <collabot> Useful Commands: #action #agreed #help #info #idea #link #topic.
13:55:31 <collabot> The meeting name has been set to 'opnfv_security_group'
13:55:49 <LukeHinds> #chair Luke Hinds
13:55:49 <collabot> Warning: Nick not in channel: Luke
13:55:49 <collabot> Warning: Nick not in channel: Hinds
13:55:49 <collabot> Current chairs: Hinds Luke LukeHinds
13:55:54 <LukeHinds> #chair LukeHinds
13:55:54 <collabot> Current chairs: Hinds Luke LukeHinds
13:56:11 <LukeHinds> #undo
13:56:40 <LukeHinds> #topic amendments to last meeting minutes
13:57:48 <LukeHinds> #link https://etherpad.opnfv.org/p/opnfv-sec-meetings <- agenda
13:59:26 <LukeHinds> #link https://wiki.opnfv.org/security/meetings/11022015 <- last meeting minutes
14:05:02 <MikeCamel> Agenda: amendments to last minutes...
14:05:33 <LukeHinds> #agree meetings ok
14:05:37 <MikeCamel> Minutes agreed OK.
14:06:08 <LukeHinds> #chair MikeCamel
14:06:08 <collabot> Current chairs: Hinds Luke LukeHinds MikeCamel
14:08:05 <LukeHinds> #agree agenda
14:09:53 <MikeCamel> Note open-endedness of the group's scope: some tasks won't be "start-finish" style.
14:10:05 <MikeCamel> TSC approved planned scope.
14:11:25 <MikeCamel> More of a working group than a "project".
14:13:13 <MikeCamel> Though there will be docs, best practices, requirements, etc. that come out of the group, there's no perfect fit with 1 project type.
14:15:28 <MikeCamel> https://etherpad.opnfv.org/p/opnfv-sec
14:24:58 <MikeCamel> Tension between oversight, creating code, looking at research, etc.
14:28:03 <MikeCamel> #info consider secure coding guidelines
14:31:55 <LukeHinds> #agree we will remain on tech-discuss, but use a tag [opnfv-sec]
14:32:20 <MikeCamel> may create list as volume increases, and we know what the scope will be.
14:35:32 <LukeHinds> Am I audible?
14:36:25 <LukeHinds> #agree on advisory / vuln handling
14:38:59 <MikeCamel> there's lots of research out there which we can use and hopefully realise as actual architectures and code
14:43:01 <MikeCamel> ETSI NFV published documents can be shared: draft documents need to be checked.  We need to align with liaison policy for ETSI NFV and other groups.
14:43:46 <LukeHinds> #agree  Interwork with other security groups - with members present on all upstream groups
14:46:09 <MikeCamel> What types of guidance?  Configuration guidance is one obvious issue, ditto hardening.
14:47:36 <MikeCamel> Identifying references and deltas from existing types of deployments.
14:47:52 <MikeCamel> E.g. differences from Cloud Security Alliance guidance.
14:49:23 <MikeCamel> #agree remove governance and risk pieces from scope
14:51:04 <LukeHinds> #agree  Security Guidelines -  Develop / reference existing documentation on security best practices around installation, configuration, hardening.
14:57:02 <LukeHinds> #agree  Internal OPNFV Security Best Practices - Scope should cover both deployment / configuration etc (for internal infra), and Development (secure coding conventions etc)?
14:59:15 <LukeHinds> #agree  Security Change Reviews (gerrit)
15:01:14 <LukeHinds> #agree Research and Development
15:02:10 <LukeHinds> #action provide more phone access numbers (investigate)
15:02:30 <LukeHinds> #endmeeting