[onap-tsc] Review of SDC known vulnerability analysis

2018-04-02 Thread Stephen Terrill
Hi Michael, Thanks for the known vulnerability analysis (https://wiki.onap.org/pages/viewpage.action?pageId=28377537). I had a few questions: For aaf-authz-docker (com.thoughtworks.xstream), I couldn't quite understand the analysis and your understanding of the exposure that SDC has to the

[onap-tsc] Review of SDC known vulnerability Analysis

2018-04-02 Thread Stephen Terrill
Hi Dan, Thank-you for the report on the SDC known vulnerabilities - https://wiki.onap.org/pages/viewpage.action?pageId=28379582 . For most of the impacts it states that low risk - only occurs in design tool (dgbuilder). How is this tool used by SDNC? Is it used in the runtime environment,

[onap-tsc] Known vulnerability analysis of AAF

2018-04-02 Thread Stephen Terrill
Hi Ram, Thanks for the review of the known vulnerabilities for AAF: https://wiki.onap.org/pages/viewpage.action?pageId=28380057 I note that the actions are still work in progress - do you have an estimated time for the analysis? In the analysis, it would be great if you consider whether the

Re: [onap-tsc] f2f meeting in June

2018-04-02 Thread Kenny Paul
Hi Alla, It will be the week of June 19th in Beijing. The site should be finalized this week. Best Regards, -kenny Kenny Paul, Technical Program Manager, The Linux Foundation kp...@linuxfoundation.org, 510.766.5945 San Francisco Bay Area, Pacific Time Zone > On Mar 31, 2018, at 11:18 PM,

Re: [onap-tsc] Review of VID known vulnerability analysis

2018-04-02 Thread Sonsino, Ofir
Hi Steve, Thanks for your comment. I've updated the wiki page (https://wiki.onap.org/pages/viewpage.action?pageId=28378623) with the relevant impact on most of the issues. A few issues are still under investigation (marked TBD), as we still try to upgrade as many dependencies to a

[onap-tsc] Review of VID known vulnerability analysis

2018-04-02 Thread Stephen Terrill
Hi Amichai and Ofir, Thank-you for your known vulnerability analysis of vid (https://wiki.onap.org/pages/viewpage.action?pageId=28378623). For the vulnerabilities for where there is no fix, do you have an analysis of how VID uses the imported code so that the implications of the risk can be

[onap-tsc] Known vulnerability analysis for AAI

2018-04-02 Thread Stephen Terrill
Hi Jimmy, Thank-you for the impressive known vulnerability analysis of AAI. You have informed me that a lot of the vulnerabilities are associated with components that you are upgrading/replacing. Can you please inform me when that is done. I note that aai/gizmo (org.apache.httpcomponents)

Re: [onap-tsc] Known vulnerability analysis of CLI

2018-04-02 Thread Kanagaraj Manickam
Hi Amy, Pls find my answers inline and let me know if additional details required. Thanks Regards Kanagaraj M - Be transparent! Win together !!

Re: [onap-tsc] Review of Policy known vulnerability Analysis

2018-04-02 Thread DRAGOSH, PAMELA L (PAM)
Stephen, We are introducing a change in functionality that bypasses this code in Beijing, but it is a late addition. We will need to support the use of this code for backwards compatibility until we can fully vet the new functionality works and we can switch to it completely to deprecate the

Re: [onap-tsc] Review of SDC known vulnerability Analysis

2018-04-02 Thread TIMONEY, DAN
Steve, The dgbuilder is a design time tool. We use it to create and update the directed graphs, which then get stored in Gerrit and managed from there as source code. Eventually we’d like to support using the dgbuilder as an editor integrated with SDC at run time to update and deploy new

Re: [onap-tsc] Review of Policy known vulnerability Analysis

2018-04-02 Thread Stephen Terrill
Hi Pam, Thanks for the reply. For the vulnerabilities that remain due to e.g. backwards compatibility, can we be clear about the exposure of the risk to ONAP in the impact analysis. BR, Steve From: DRAGOSH, PAMELA L (PAM) [mailto:pdrag...@research.att.com] Sent: Monday, April 02, 2018 1:31

Re: [onap-tsc] Casablanca release goals Venn diagram

2018-04-02 Thread Gildas Lanilis
Thanks Ranny for creating the Gliffy diagram. You deciphered properly all my handwriting :) Thanks, Gildas ONAP Release Manager 1 415 238 6287 From: Haiby, Ranny (Nokia - US/San Jose) [mailto:ranny.ha...@nokia.com] Sent: Friday, March 30, 2018 11:20 AM To: onap-tsc Cc:

[onap-tsc] ONAP-University : ONAP Webinars for experience/knowledge sharing.

2018-04-02 Thread Dhananjay Pavgi
Dear All, As discussed in TSC meeting last week at ONS; ONAP-University sub-committee will lead the effort to share ONAP experience/learnings. I will be in transit this Thursday and hence will have delegate attend TSC. However, would like to start the process of arriving at calendar/schedule.

Re: [onap-tsc] Known vulnerability analysis of AAF

2018-04-02 Thread KOYA, RAMPRASAD
Sai, Jonathan - Any thoughts on this? From: Stephen Terrill [mailto:stephen.terr...@ericsson.com] Sent: Monday, April 02, 2018 2:59 AM To: KOYA, RAMPRASAD Cc: onap-sec...@lists.onap.org; onap-tsc Subject: Known vulnerability analysis of AAF Hi Ram,

Re: [onap-tsc] Casablanca Release Timeline draft proposal for review

2018-04-02 Thread Gildas Lanilis
Hi Vladimir, Since I wrote this email, a bit of changes came into play (cf attached email). There is the introduction of end-user advisory committee who help into defining priorities and will feed in the usecase committee. The "E2E Release Use Case Approval" milestone help into streamlining the