Already done.

Thanks,
Bryan Sullivan | AT&T

From: Raymond Paik [mailto:rp...@linuxfoundation.org]
Sent: Tuesday, October 10, 2017 5:56 AM
To: SULLIVAN, BRYAN L (BRYAN L) <bryan.sulli...@research.att.com>
Cc: opnfv-...@lists.opnfv.org; opnfv-tech-discuss@lists.opnfv.org
Subject: Re: [opnfv-tech-discuss] Request for AOB Item in next TSC Call: OPNFV Should Take a Lead Role in Open Source NFV Platform Security Scanning

Bryan,

In case we don't have time for this today, you can also discuss this in the Infra WG call on Mondays that now also includes the Security team....

Thanks,
Ray

On Mon, Oct 9, 2017 at 5:55 PM, SULLIVAN, BRYAN L (BRYAN L) <bryan.sulli...@research.att.com> wrote:

Hi all,

You may follow the security space and already be aware of the open source vulnerability that led to the recent Equifax breach. I want the TSC to seriously consider seeking budget to incorporate detailed security scanning for any open source software included in OPNFV platform builds. By crowd-sourcing the effort for this, OPNFV can make a very strong contribution to the reliability of platforms it releases, as well as benefit its members who may already be scanning code internally – essentially upstreaming that effort, or a large part of it. If there’s time tomorrow on the TSC call, I would like 5-10 mins to further describe the proposal if needed.

For more info see e.g.:
https://blog.blackducksoftware.com/equifax-apache-struts-cve-2017-5638-vulnerability
https://blog.blackducksoftware.com/threat-check-for-struts-released-equifax-breach-dominates-news

Thanks,
Bryan Sullivan | AT&T
_______________________________________________
opnfv-tech-discuss mailing list
opnfv-tech-discuss@lists.opnfv.org
https://lists.opnfv.org/mailman/listinfo/opnfv-tech-discuss