Hello,

I wanted to open up to the community, in more detail, the plans we have for
the security audit.

It's a four-pronged process:

1. Look at dependencies (modules / libraries) used and attempt to verify no
known risks are associated with said dependencies.

2. Perform a secure code audit to look for potential security risks such as
shell executions, SQL injections, etc. More details here:
https://wiki.opnfv.org/display/security/Securecode

3. Look for use of weak cryptography / hashing algorithms.

4. Encourage compliance to the LF Badge program.

Members of the security team will each perform this audit, and will contact
the PTL and core committers on each project with the results.

The project itself can then contact the security group to discuss or seek
advice, should they need it.

We are open to feedback on the whole process as well.

Our plan is to trial the process for Colorado, and then have it as a
milestone for D-release.

Thanks,

Luke - OPNFV Security Group
_______________________________________________
opnfv-tech-discuss mailing list
opnfv-tech-discuss@lists.opnfv.org
https://lists.opnfv.org/mailman/listinfo/opnfv-tech-discuss
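As an added illustration of the kind of checks items 2 and 3 of the plan describe (shell executions, SQL built from untrusted strings, weak hashing), the following AST-based scanner is example code written for this page; it is not OPNFV tooling and not the security group's own method. It assumes the project under audit is Python source, and the sample module it scans (`SAMPLE`) is constructed here for demonstration.

```python
"""
Minimal static audit checks (constructed illustration, not OPNFV tooling).
Flags three classes of findings named in the audit plan:
  - shell execution: os.system(), os.popen(), subprocess.* with shell=True
  - SQL passed to execute()/executemany() that is built at runtime by
    string formatting or concatenation (a common SQL injection pattern)
  - weak hashing: hashlib.md5() / hashlib.sha1()
"""
import ast
from typing import List, Tuple

Finding = Tuple[int, str, str]  # (line number, category, message)

SHELL_FUNCS = {"os.system", "os.popen"}
SUBPROCESS_FUNCS = {"subprocess.call", "subprocess.run", "subprocess.Popen",
                    "subprocess.check_call", "subprocess.check_output"}
WEAK_HASHES = {"hashlib.md5", "hashlib.sha1"}


def _dotted_name(node: ast.AST) -> str:
    """Return 'a.b.c' for a Name/Attribute chain, '' for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return ""


def _is_dynamic_string(node: ast.AST) -> bool:
    """True if the expression builds a string at runtime (f-string, %, +, .format)."""
    if isinstance(node, ast.JoinedStr):
        return True
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Mod, ast.Add)):
        return True
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format"):
        return True
    return False


class AuditVisitor(ast.NodeVisitor):
    def __init__(self) -> None:
        self.findings: List[Finding] = []

    def visit_Call(self, node: ast.Call) -> None:
        name = _dotted_name(node.func)
        if name in SHELL_FUNCS:
            self.findings.append((node.lineno, "shell", f"{name}() runs a shell command"))
        elif name in SUBPROCESS_FUNCS:
            for kw in node.keywords:
                if (kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                        and kw.value.value is True):
                    self.findings.append((node.lineno, "shell", f"{name}(shell=True)"))
        elif name in WEAK_HASHES:
            self.findings.append((node.lineno, "weak-crypto", f"{name}() is a weak hash"))
        elif (isinstance(node.func, ast.Attribute)
                and node.func.attr in ("execute", "executemany")):
            # Parameterised queries pass a constant statement; flag only dynamic ones.
            if node.args and _is_dynamic_string(node.args[0]):
                self.findings.append((node.lineno, "sqli",
                                      "SQL statement built from a dynamic string"))
        self.generic_visit(node)


def audit_source(source: str) -> List[Finding]:
    """Parse one Python module and return its findings sorted by line."""
    visitor = AuditVisitor()
    visitor.visit(ast.parse(source))
    return sorted(visitor.findings)


# Constructed sample module under audit (hypothetical code, not from any OPNFV project).
SAMPLE = '''
import os, subprocess, hashlib, sqlite3

def deploy(host):
    os.system("ssh " + host + " reboot")          # shell execution
    subprocess.run("ls " + host, shell=True)       # shell=True
    subprocess.run(["ls", host])                   # list form, no shell: not flagged

def lookup(conn, user):
    cur = conn.cursor()
    cur.execute("SELECT * FROM users WHERE name = '%s'" % user)   # string-built SQL
    cur.execute("SELECT * FROM users WHERE name = ?", (user,))   # parameterised: OK

def fingerprint(data):
    return hashlib.md5(data).hexdigest()            # weak hash
'''

if __name__ == "__main__":
    for line, category, message in audit_source(SAMPLE):
        print(f"line {line:>3}  [{category}]  {message}")
```

Run as a script it lists four findings from the sample (lines 5, 6, 11 and 15) and leaves the list-form `subprocess.run` and the parameterised query alone. The checks are deliberately syntactic: they tell a reviewer where to look, not whether the input is attacker-controlled, so each hit still needs the manual judgement step the plan describes. Mature linters such as bandit implement the same categories with far more coverage; this block only shows the shape of such a check.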
