Hi Pam, Thanks for the reply. For the vulnerabilities that remain due to e.g. backwards compatibility, can we be clear about the exposure of the risk to ONAP in the impact analysis.
BR, Steve From: DRAGOSH, PAMELA L (PAM) [mailto:[email protected]] Sent: Monday, April 02, 2018 1:31 PM To: Stephen Terrill <[email protected]> Cc: [email protected]; onap-tsc <[email protected]> Subject: Re: Review of Policy known vulnerability Analysis Stephen, We are introducing a change in functionality that bypasses this code in Beijing, but it is a late addition. We will need to support the use of this code for backwards compatibility until we can fully vet the new functionality works and we can switch to it completely to deprecate the other code. We hope that we can test and fix the new functionality over the next few weeks. Pam From: Stephen Terrill <[email protected]<mailto:[email protected]>> Date: Friday, March 30, 2018 at 3:39 PM To: "DRAGOSH, PAMELA L (PAM)" <[email protected]<mailto:[email protected]>> Cc: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>>, onap-tsc <[email protected]<mailto:[email protected]>> Subject: Review of Policy known vulnerability Analysis Hi Pam, I am reviewing the known vulnerability analysis for Policy (https://wiki.onap.org/pages/viewpage.action?pageId=25437092<https://urldefense.proofpoint.com/v2/url?u=https-3A__wiki.onap.org_pages_viewpage.action-3FpageId-3D25437092&d=DwMFAw&c=LFYZ-o9_HUMeMTSQicvjIg&r=jwTiArcEj6aUX0HjV0M3dT12gUtk7rC07xpgpVZkS_4&m=j8Gv-qzcAmG1BG1BuclfHzh7GfCbxaY5R60DavMb2rI&s=WpF6UwvR-KYtHRoZjoCSMv1ydKuVWjHviBKuTK6xWE4&e=> ), thankyou for the analysis. I had a question on “commons-client”, where the text indicates “We are building functionality that by-passes the code that uses this dependency into a new beijing template for control loops. We are targeting deprecation of the BRMS Gateway code in policy/engine over the next release or two”. Is this something that is to be fixed in Beijing? For Jacksonbind, please look at the example from MSB to assist you in your analysis. BR, Steve. [ricsson]<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.ericsson.com_&d=DwMFAw&c=LFYZ-o9_HUMeMTSQicvjIg&r=jwTiArcEj6aUX0HjV0M3dT12gUtk7rC07xpgpVZkS_4&m=j8Gv-qzcAmG1BG1BuclfHzh7GfCbxaY5R60DavMb2rI&s=-6uwrGj9mHXm0kdNlB_a5x_YMWfVGMilUPjhhpwNuCI&e=> STEPHEN TERRILL Technology Specialist POA Architecture and Solutions Business Unit Digital Services Ericsson Ericsson R&D Center, via de los Poblados 13 28033, Madrid, Spain Phone +34 339 3005 Mobile +34 609 168 515 [email protected]<mailto:[email protected]> www.ericsson.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.ericsson.com&d=DwQFAw&c=LFYZ-o9_HUMeMTSQicvjIg&r=jwTiArcEj6aUX0HjV0M3dT12gUtk7rC07xpgpVZkS_4&m=j8Gv-qzcAmG1BG1BuclfHzh7GfCbxaY5R60DavMb2rI&s=E7aTSWbIw4jahsq7Td3GzRWuDLyQHPjTSedCVdI9S6M&e=> [ttp://www.ericsson.com/current_campaign]<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.ericsson.com_current-5Fcampaign&d=DwMFAw&c=LFYZ-o9_HUMeMTSQicvjIg&r=jwTiArcEj6aUX0HjV0M3dT12gUtk7rC07xpgpVZkS_4&m=j8Gv-qzcAmG1BG1BuclfHzh7GfCbxaY5R60DavMb2rI&s=Li1HoXDppF_VyTDGmtsCYwCqQ2asI7s5LHmG9USB4bk&e=> Legal entity: Ericsson España S.A, compay registration number ESA288568603. This Communication is Confidential. We only send and receive email on the basis of the terms set out at www.ericsson.com/email_disclaimer<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.ericsson.com_email-5Fdisclaimer&d=DwMFAw&c=LFYZ-o9_HUMeMTSQicvjIg&r=jwTiArcEj6aUX0HjV0M3dT12gUtk7rC07xpgpVZkS_4&m=j8Gv-qzcAmG1BG1BuclfHzh7GfCbxaY5R60DavMb2rI&s=_9d1iQKBv7C70qCQckdHYFbCetguWZBkScYxIaXhOQE&e=>
_______________________________________________ ONAP-TSC mailing list [email protected] https://lists.onap.org/mailman/listinfo/onap-tsc
