OPNFV Security Group
A group dedicated to improve OPNFV security through architecture, documentation, code review, vulnerability management.
Security is part of the INFRA working group, together with Releng, Octopus and Pharos. See more information at https://wiki.opnfv.org/display/INF.
The Core Infrastructure Initiative (CII) Best Practices badge is a way for Free/Libre and Open Source Software (FLOSS) projects to show that they follow best security practices.
OPNFV's Badge: https://bestpractices.coreinfrastructure.org/projects/164
Key Project Facts
Project Creation Date: Jan 22, 2015
Lifecycle State: Approved
Project Lead: Luke Hinds , Red Hat
Jira Project Name: OPNFV Security group
Jira Project Prefix: opnfv-sec
- Aric Gardner, Linux Foundation
Curtis Collicutt, Interdynamix
Fatih Degirmenci, Ericsson
Ray Paik, Linux Foundation
- Marcel Winandy, Huawei
Trevor Bramwell, Linux Foundation
- Security team’s mail alias: email@example.com
- To subscribe or unsubscribe via the World Wide Web, visit: https://lists.opnfv.org/mailman/listinfo/opnfv-security
- Security Meetings are part of INFRA meetings Weekly on Wednesday at 15:00 UTC (8am PST), see more at Infra Working Group
New Meeting Times (valid from 3th April 2017)
- Weekly on Monday at 8:00 (PST) / 16:00 (UTC, Winter), 15:00 (UTC, during daylight saving in US)
- IRC #opnfv-meeting - freenode.net
- Goto Meeting link : https://global.gotomeeting.com/join/819733085
- Infra Working Group - Wiki Page for Infra cross-project topics
- An IRC channel is open for any out of meeting security discussions at #opnfv-sec on freenod
The OPNFV Security Group hosts the following security projects
Automated NIST based SCAP scans to insure the OPNFV platform deploys free from known CVE vulnerabilities, and meets a security compliance level.
OPNFV Security Group Processes
List of some major components in OPNFV eco-system and link to the security advisory, CVE-list, etc.
Security Related News/blogs
- ETSI NFV SEC 012 "System architecture specification for execution of sensitive NFV components" is available
- ETSI released three more specs relevant for security
- CIS published update on their security guidance
- Amazon launches Inspector, a tool that automatically finds security and compliance issues
- Google launches its Cloud Platform Security Scanner ..
- AWS Deployment With Security_monkey
- Certificate authorities issue SSL certificates to fraudsters
- SANS: 20 critical security controls you need to add
- How Diffie-Hellman Fails in Practice