Update – correcting the time Update: The agenda can be found at: https://wiki.onap.org/display/DW/ONAP+Security+coordination -- Hi All, Here is a regular call for the ONAP security committee team meet

Please add the common authentication/authorization service to the agenda for the 10/11 Security subteam meeting.

I suggest putting this on the agenda for the 10/11 meeting

I’ve added a list of passing (bronze) requirement that non-projects have to satisfy. I’m pretty adamant about getting crypto right the first time and documentation. I will take a stab at silver and go

I plan on attending

Review the TSC decision on bug fixes and security patching for the Amsterdam release. ​​​​​Amy Zwarico, LMTS Chief Security Office / Enterprise Security Support / Cloud Security Services AT&T Services

Martial Ngueko, project technical lead for CLAMP, said that the CLAMP team has not done any further work on CII badging. -Amy

https://tools.ietf.org/html/rfc7009

I will be hosting tomorrow’s seccom call while Steve is on vacation. Attached is the agenda. -Amy

Several of us from the ONAP sub-committee who are attending ONS are going to meet on Wednesday morning at 8am on the tables on the 6th floor of the Intercontinental hotel. If you are at ONS, please gr

Hi Kanagaraj, I was reviewing the CLI known vulnerability analysis – thank-you for providing that (https://wiki.onap.org/pages/viewpage.action?pageId=28377287) 1. You stated that the use of the common

Hi Seshu, I was reviewing the SO known vulnerability analysis – thank-you for providing that (https://wiki.onap.org/pages/viewpage.action?pageId=28377799) 1. Is the vulnerability in camunda-webapp-jbo

Hi Tao, I was reviewing the Usecase-UI known vulnerability analysis – thank-you for providing that (https://wiki.onap.org/pages/viewpage.action?pageId= 28379767) 1. Please clarify what you mean by the

Hi Yan, I was reviewing the Usecase-UI known vulnerability analysis – thank-you for providing that (https://wiki.onap.org/pages/viewpage.action?pageId=25437810) 1. Is VF-C using the vulnerable compone

A few of us who were at ONS had an ad hoc meeting on Wednesday morning to create a proposed prioritization of the seccom deliverables for Casablanca. Attached are the notes and prioritization. This wi

Thank you for the update. Please update the vulnerability analysis for CLI at (https://wiki.onap.org/pages/viewpage.action?pageId=28377287) with this information.

Thank you for the information. Please update the vulnerability analysis in the wiki (https://wiki.onap.org/pages/viewpage.action?pageId=25437810) with this information. Thank you, Amy

I agree. Good catch.

Either option works for me

In my opinion, it is the CLAMP note is good and can be followed by each of the projects. I suggest modifying the second sentence to read “CLAMP code is formally scanned at build time using NexusIQ,…”