This message focuses on [crypto_credential_agility]. Reminder about the CII text: [crypto_credential_agility] The project MUST support storing authentication credentials (such as passwords and dynamic

Thank you all for your responses. Jonathan, the answer to most of these questions SHOULD lie in the realm of no brainers / standard use. But let’s look at [crypto_certificate_verification] for a momen

Here are the next few items that I think we need to work on with respect to moving forward with CII badging. These three have lots of projects marked [?] under the Silver level. [crypto_certificate_ve

To document the discussions at F2F and Jun 18 SECCOM, I’m writing the email. I need to hold off on in depth discussions until After June (big Deployment in my company) I have OOM Helm process document

Dear All, Please find an invitation for a dedicated meeting to agree with PTLs and ONAP community on libraries to be updated in El Alto release. List of potential libraries you will find in attached p

I will be setting up a series of meetings to update the VNF Security Requirements as part of the El Alto release. Please let me know if you would like to participate. ​​​​​Amy Zwarico, LMTS Chief Secu

Dear SECCOM members, As discussed during last meeting, here are a few slides about current situation in oparent for dependency management, as well as a few highlights. I asked some CLAMP team colleagu

Hello, I am pleased to inform you that this week during F2F DDF in Kista we have completed the analysis of ONAP security requirements. Special thanks to Samuli for leading this task and all security e

As a reminder the ONAP Zoom bridges will be reassigned and the host IDs changed for ruse by the DDF+Plugfest Tuesday through Friday. This is a standard practice whenever he have a community event. Rea

ONAP Meeting 2 is inviting you to a scheduled Zoom meeting. Join Zoom Meeting https://zoom.us/j/899097173 One tap mobile +16699006833,,899097173# US (San Jose) +16465588656,,899097173# US (New York) D

The web page https://support.apple.com/en-us/HT210176 lays out enhanced minimum requirements that Apple is going to require starting in iOS 13. I’m wondering how well AAF-generated certificates stack

Dear SECCOM, please find the attached proposal of procedure for exposing new Node Port in ONAP. The main goal of this procedure is to allow SECCOM to have better control over what's being exposed outs

(Bcc’d to: onap-seccom@...; onap-arc@...; onap-modelingsub@...; onap-usecasesub@...; onap-controlloopsub@...; onap-discuss@...) A new poll has been created: Poll closes noon Pacific, July 6th- The nex

This has been approved by a majority vote. -kenny

**Date:** 2019-05-28 **ID:** OSA-2019-026 **Title:** AAF Secret Management Service allows to access all stored data **CVE:** CVE-2019-12320 **Severity:** Important Affects ------- * AAF: before Dublin

**Date:** 2019-05-28 **ID:** OSA-2019-025 **Title:** Unprotected APIs/UIs exposed in CLI project **CVE:** CVE-2019-12130 **Severity:** Important Affects ------- * CLI: Dublin and earlier Description -

**Date:** 2019-05-28 **ID:** OSA-2019-024 **Title:** Unprotected APIs/UIs exposed in MSB project **CVE:** CVE-2019-12129 **Severity:** Important Affects ------- * MSB: Dublin and earlier Description -

**Date:** 2019-05-28 **ID:** OSA-2019-023 **Title:** Unprotected APIs/UIs exposed in SO project **CVE:** CVE-2019-12128 **Severity:** Important Affects ------- * SO: Dublin and earlier Description ---

**Date:** 2019-05-28 **ID:** OSA-2019-022 **Title:** Unprotected APIs/UIs exposed in OOM project **CVE:** CVE-2019-12127 **Severity:** Important Affects ------- * OOM: Dublin and earlier Description -

**Date:** 2019-05-28 **ID:** OSA-2019-021 **Title:** Unprotected APIs/UIs exposed in DCAE project **CVE:** CVE-2019-12126 **Severity:** Important Affects ------- * DCAE: Dublin and earlier Description