OPNFV Security Group
A group dedicated to improve OPNFV security through architecture, documentation, code review, upstream inter-work with other groups, vulnerability management and security research.
Provide an ‘umbrella’ group to encourage development of security centric functions within the OPNFV eco-system.
Effectively handle vulnerability and threats in a co-ordinated manner.
The Core Infrastructure Initiative (CII) Best Practices badge is a way for Free/Libre and Open Source Software (FLOSS) projects to show that they follow best security practices.
OPNFV's Badge: https://bestpractices.coreinfrastructure.org/projects/164
Key Project Facts
Project Creation Date: Jan 22, 2015
Lifecycle State: Approved
Project Lead: Luke Hinds , Red Hat
Jira Project Name: OPNFV Security group
Jira Project Prefix: opnfv-sec
- Aric Gardner, Linux Foundation
Curtis Collicutt, Interdynamix
Fatih Degirmenci, Ericsson
Ray Paik, Linux Foundation
- Marcel Winandy, Huawei
Trevor Bramwell, Linux Foundation
Security team’s mail alias:
To subscribe or unsubscribe via the World Wide Web, visit:
Every Wednesday at 14:00pm UTC
- Note, we only meet on IRC. Conference bridges can be set up for specific topics.
The OPNFV Security Group hosts the following security projects
Automated NIST based SCAP scans to insure the OPNFV platform deploys free from known CVE vulnerabilities, and meets a security compliance level.
Ensure the existing Audit framework for the critical components in OPNFV are extensive enough and compliant to industry standards and foreseeable business use cases.
Guide to securing the OPNFV platform
OPNFV Security Group Processes
List of some major components in OPNFV eco-system and link to the security advisory, CVE-list, etc.
Security Related News/blogs
- ETSI NFV SEC 012 "System architecture specification for execution of sensitive NFV components" is available
- ETSI released three more specs relevant for security
- CIS published update on their security guidance
- Amazon launches Inspector, a tool that automatically finds security and compliance issues
- Google launches its Cloud Platform Security Scanner ..
- AWS Deployment With Security_monkey
- Certificate authorities issue SSL certificates to fraudsters
- SANS: 20 critical security controls you need to add
- How Diffie-Hellman Fails in Practice