We talked about this at the face-to-face in Santa Clara. We agreed not to over-specify coordinators or subcommittees in the Charter, but instead set up a framework so that the TSC can add them once the Charter is in place. We specifically talked about security ? while we?re bootstrapping, security questions go to Phil Robb, but once the Charter is in place, we expect to have a security team to handle vulnerability reports. Of course, each individual project is responsible for the security of its component.
Chris From: SPATSCHECK, OLIVER (OLIVER) [mailto:spat...@research.att.com] Sent: Thursday, April 20, 2017 4:55 AM To: GOLDNER, ALLA Cc: Don Clarke; Christopher Donley (Chris); onap-tsc at lists.onap.org; Ed Warnicke Subject: Re: [onap-tsc] Updated TSC Charter I would have expected to have at least a coordinator focused on this or even better a project which builds risk analysis tools and guidelines for ONAP. You can define them under the release requirements but unless you have a group of people working out the tools and details they really don?t mean much and I don?t think you want to distribute this to all the individual component projects. Oliver On Apr 20, 2017, at 1:51 AM, GOLDNER, ALLA <alla.goldner at amdocs.com<mailto:alla.goldner at amdocs.com>> wrote: Hi Don, all, I believe this would be covered under Release requirements, once we define those. Best regards, Alla From: onap-tsc-bounces at lists.onap.org<mailto:onap-tsc-bounces at lists.onap.org> [mailto:onap-tsc-boun...@lists.onap.org] On Behalf Of Don Clarke Sent: Thursday, April 20, 2017 8:48 AM To: Christopher Donley (Chris) <Christopher.Donley at huawei.com<mailto:Christopher.Donley at huawei.com>>; onap-tsc at lists.onap.org<mailto:onap-tsc at lists.onap.org> Cc: Ed Warnicke <eaw at cisco.com<mailto:eaw at cisco.com>> Subject: Re: [onap-tsc] Updated TSC Charter Chris, Regulators are concerned about the impact of virtualization on the resilience of critical national infrastructures (they have turned-up at ETSI NFV meetings). Will there be a formalized ONAP process to minimize security vulnerabilities and/or undertake risk analysis in relation to critical components of the platform? I don?t see anything in the charter, would these aspects fall under (e.g.) the TSC Responsibility for ?defining release quality standards?? I don?t think this should be left to individual project teams to figure out. Thanks, Don. From: onap-tsc-bounces at lists.onap.org<mailto:onap-tsc-bounces at lists.onap.org> [mailto:onap-tsc-boun...@lists.onap.org] On Behalf Of Christopher Donley (Chris) Sent: Wednesday, April 19, 2017 9:45 AM To: onap-tsc at lists.onap.org<mailto:onap-tsc at lists.onap.org> Cc: Ed Warnicke Subject: [onap-tsc] Updated TSC Charter Dear TSC, On behalf of the Charter drafting team, please find attached an updated version of the TSC Charter incorporating your suggestions and feedback from the last review. We have attempted to highlight the open issues that need a decision from the TSC. We are sending this draft with the intention that you review it in preparation for discussion and voting during our next TSC meeting. Chris, Steve, Ed, Lingli, Alla, and Phil This message and the information contained herein is proprietary and confidential and subject to the Amdocs policy statement, you may review at https://www.amdocs.com/about/email-disclaimer<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.amdocs.com_about_email-2Ddisclaimer&d=DwMFAg&c=LFYZ-o9_HUMeMTSQicvjIg&r=3WBYkehchaQg0p_gO26aU_ahomnFHCk_-us7kcQebm4&m=qanJmrKS-8k07dPd2m4vkZO_i076Fj4PF-Z_thIkNw0&s=ZQWOusx5K1pirGXMQqTdJ2gLSS1c8QUaIsa1vwqQrWI&e=> _______________________________________________ ONAP-TSC mailing list ONAP-TSC at lists.onap.org<mailto:ONAP-TSC at lists.onap.org> https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.onap.org_mailman_listinfo_onap-2Dtsc&d=DwICAg&c=LFYZ-o9_HUMeMTSQicvjIg&r=3WBYkehchaQg0p_gO26aU_ahomnFHCk_-us7kcQebm4&m=qanJmrKS-8k07dPd2m4vkZO_i076Fj4PF-Z_thIkNw0&s=pJET50QlbJFhc7UGw25LtzuYI1yz0pcrvdaq_1clvDw&e= -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.onap.org/pipermail/onap-tsc/attachments/20170420/1deb9b9f/attachment-0001.html>