CII Badging Clarification

Gerard Nugent

We are looking at our remaining items for Silver Badge and have a couple of inquiries.

For item:

The project MUST implement secure design principles (from "know_secure_design"), where applicable. If the project is not producing software, select "not applicable" (N/A).
The Saltzer and Schroeder principles are largely based around authorization and authentication. Is this covered by the use of AAF/CADI or is there something else we need to consider here?

For item:

Hardening mechanisms SHOULD be used in the software produced by the project so that software defects are less likely to result in security vulnerabilities.
From an individual project aspect what is expected here? Forcing use of HTTPS is a given but what else as a project (DMaaP Datarouter) would be expected of us?

Thanks for your time,
Gerard Nugent
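As an added illustration (not code from DMaaP Datarouter, AAF or CADI, and not part of the original message), the following sketch shows how a few of the Saltzer and Schroeder principles the first question refers to, and a couple of the hardening mechanisms the second question asks about, look in a request handler. Every request passes through one authorization check (complete mediation), the only path to "allowed" is an explicit grant (fail-safe defaults), roles carry only the permissions they need (least privilege), and the response layer enforces HTTPS and adds defensive headers. The role names, permission names, host and sample requests are constructed for the example.

```python
"""Added example: Saltzer & Schroeder principles and response hardening in a
small request layer. Roles, permissions and requests are constructed; this is
not the DMaaP Datarouter or AAF/CADI implementation."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Tuple

# Least privilege: each role carries only the permissions it needs (constructed).
ROLE_PERMISSIONS: Dict[str, FrozenSet[str]] = {
    "publisher": frozenset({"feed:publish"}),
    "subscriber": frozenset({"feed:subscribe"}),
    "admin": frozenset({"feed:publish", "feed:subscribe", "feed:admin"}),
}

# Hardening headers added to every response (constructed, conservative set).
HARDENING_HEADERS: Dict[str, str] = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Cache-Control": "no-store",
}


@dataclass(frozen=True)
class Request:
    principal: Optional[str]          # authenticated identity, None if unauthenticated
    roles: FrozenSet[str]             # roles asserted by the authentication layer
    action: str                       # permission the request needs, e.g. "feed:publish"
    scheme: str = "https"             # transport scheme the request arrived on
    host: str = "datarouter.example.invalid"  # constructed hostname
    path: str = "/"


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def authorize(req: Request) -> Decision:
    """Complete mediation: every request is checked here, no bypass path.
    Fail-safe defaults: the function only returns allowed=True after finding
    an explicit grant; anything unexpected (no principal, unknown role,
    missing permission) falls through to deny."""
    if req.principal is None:
        return Decision(False, "unauthenticated")
    granted = set()
    for role in req.roles:
        # An unknown role grants nothing rather than raising or defaulting open.
        granted |= ROLE_PERMISSIONS.get(role, frozenset())
    if req.action in granted:
        return Decision(True, f"{req.action} granted via {sorted(req.roles)}")
    return Decision(False, f"{req.action} not granted to {req.principal}")


def harden_response(req: Request, status: int,
                    headers: Dict[str, str]) -> Tuple[int, Dict[str, str]]:
    """Force HTTPS and attach hardening headers to every response.
    Plain-HTTP requests are redirected before any handler output is sent."""
    if req.scheme != "https":
        return 301, {"Location": f"https://{req.host}{req.path}",
                     **HARDENING_HEADERS}
    merged = dict(headers)
    merged.update(HARDENING_HEADERS)   # defensive headers win over handler values
    return status, merged


def handle(req: Request) -> Tuple[int, Dict[str, str]]:
    """Glue the two layers: mediate first, then harden whatever is returned."""
    decision = authorize(req)
    status = 200 if decision.allowed else (401 if req.principal is None else 403)
    return harden_response(req, status, {"X-Decision": decision.reason})


if __name__ == "__main__":
    # Constructed sample requests.
    for r in (
        Request(None, frozenset(), "feed:publish"),
        Request("alice", frozenset({"publisher"}), "feed:publish"),
        Request("bob", frozenset({"subscriber"}), "feed:publish"),
        Request("carol", frozenset({"publisher"}), "feed:publish", scheme="http"),
    ):
        print(r.principal, r.action, r.scheme, "->", handle(r))
```

The point of the structure rather than the specifics: the deny outcome is the default that requires no code to reach, the allow outcome requires an explicit grant, and transport and header hardening are applied in one place so a handler cannot forget them.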