Hi all,

You may follow the security space and already be aware of the open source 
vulnerability that led to the recent Equifax breach. I want the TSC to 
seriously consider seeking budget to incorporate detailed security scanning for 
any open source software included in OPNFV platform builds. By crowd-sourcing 
the effort for this, OPNFV can make a very strong contribution to the 
reliability of platforms it releases, as well as benefit its members who may 
already be scanning code internally - essentially upstreaming that effort, or a 
large part of it.

If there's time tomorrow on the TSC call, I would like 5-10 mins to further 
describe the proposal if needed.

For more info see e.g.:
https://blog.blackducksoftware.com/equifax-apache-struts-cve-2017-5638-vulnerability
https://blog.blackducksoftware.com/threat-check-for-struts-released-equifax-breach-dominates-news

Thanks,
Bryan Sullivan | AT&T

_______________________________________________
opnfv-tech-discuss mailing list
opnfv-tech-discuss@lists.opnfv.org
https://lists.opnfv.org/mailman/listinfo/opnfv-tech-discuss
