13:59:26 <LukeHinds> #startmeeting security group
13:59:26 <collabot> Meeting started Wed May 20 13:59:26 2015 UTC. The chair is LukeHinds. Information about MeetBot at http://wiki.debian.org/MeetBot.
13:59:26 <collabot> Useful Commands: #action #agreed #help #info #idea #link #topic.
13:59:26 <collabot> The meeting name has been set to 'security_group'
13:59:47 <LukeHinds> #info will wait for more people. say hi if you're alive
14:09:22 <mwinandy> hello?
14:16:15 <LukeHinds> Hi Marcel
14:16:25 <LukeHinds> any other guys here?
14:16:35 <LukeHinds> #link https://etherpad.opnfv.org/p/opnfv-sec-meetings
14:17:37 <mwinandy> probably all at OpenStack summit, I guess
14:18:13 <LukeHinds> very true
14:18:17 <LukeHinds> just remember tat
14:18:20 <LukeHinds> *that
14:18:26 <LukeHinds> might be a quiet meeting :)
14:18:45 <LukeHinds> I don't have much to update, do you?
14:19:10 <mwinandy> no, was sick last week, and busy with other this week :(
14:19:44 <mwinandy> but maybe have a question to you, and we can use the time here
14:24:18 <mwinandy> If you look at #link https://etherpad.opnfv.org/p/int-sec-policies I have there section 2 linking to OSVM now, and section 3 linking to the Secure Coding Guidelines. In addition, I plan to have section 3 also some more general policies (like passwords, use virus-scanner if putting binaries in repos, etc.). Section 4 then is about more specific security
14:24:19 <mwinandy> policies for developing OPNFV software. What do you think? Or is this too much overlap with secure coding guidelines?
14:29:13 <LukeHinds> I think that's a good idea
14:30:22 <mwinandy> ok good
14:30:31 <LukeHinds> in the openstack security guide they have some guidelines that can be referred to around passwords for APIs etc
14:31:03 <LukeHinds> agree with you, no overlap with secure coding, as yours is more on environment security
14:34:36 <mwinandy> So, there are two types of guidelines in general: a) like "validate your input" and b) "All REST APIs for VNFM should be encrypted". - just as some example.
14:34:53 <mwinandy> While a) is clearly Secure Coding Guidelines. Where would you put b) ?
14:59:27 <LukeHinds> Security Infrastructure Guidelines
14:59:48 <LukeHinds> Or Platform Security Guidelines
15:00:05 <LukeHinds> OPNFV Platform Security Guidelines
15:02:15 <mwinandy> ok, so that's then more another work item.
16:43:26 <LukeHinds> #endmeeting