14:06:41 <bryan_att> #startmeeting Acumos TSC Security Committee
14:06:41 <collabot`> Meeting started Tue Jul  3 14:06:41 2018 UTC.  The chair is bryan_att. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:06:41 <collabot`> Useful Commands: #action #agreed #help #info #idea #link #topic.
14:06:41 <collabot`> The meeting name has been set to 'acumos_tsc_security_committee'
14:06:48 <bryan_att> #info Bryan Sullivan
14:06:58 <bryan_att> #topic Roll Call
14:09:03 <bryan_att> #info present: Bryan, Aimee
14:10:42 <aimeeu> #info #link https://wiki.acumos.org/display/CS/Tool+Comparison
14:11:00 <aimeeu> Tool comparison for security scanning and license scanning
14:11:44 <bryan_att> #info Strawman proposal (WIP) for security-verification (new name for validation-security) is at https://etherpad.acumos.org/p/security-verification
14:22:50 <bryan_att> #info Security-Verification is on the path to having design docs and impacts e.g. to CDS id'd in the sprint 1 (by two weeks from now).
14:23:27 <bryan_att> #info Project code security-verification we are looking at using the Anteater project from OPNFV.
14:23:53 <aimeeu> #info #link https://github.com/anteater/anteater
14:23:58 <bryan_att> #info This will benefit from cross-LF collaboration via the lf-releng list
14:24:51 <bryan_att> #info Also we will publish guidelines for projects/PTLs as the the rollout and impacts to their processes.
14:26:18 <bryan_att> #info Re platform security/hardening, we will need specific resources to help assess platform security weaknesses and propose remediations. Until we have these, that epic area may be at risk for this release.
14:26:52 <aimeeu> #info #link https://github.com/opnfv/releng/tree/master/jjb/ci_gate_security   example of how Anteater has been implemented in OPNFV gating process
14:27:50 <bryan_att> #info Bryan will send out a note to the list on whether the timing of these calls needs updating to promote more attendance, etc, in order to grow community support.
14:28:45 <bryan_att> #endmeeting