Akraino Security Sub-Committee Meeting Agenda 9/28/2020
Attendees:
- Randy Stricklin
- Wenhui Zhang
- Tina Tsou
- Daniil Egranov
- Mark Meunier
- Hai
Agenda:
- Shard Mishra from Intel is looking for someone there that can help us with their version of Platform Security Architecture (PSA).
- Open Network & Edge Summit (ONES): Virtual 9/28-9/30
- Questions from Yin Ding
- We are following this page: https://wiki.akraino.org/display/AK/Bluval+User+Guide
- Vuls: All these issues are from upstream OS. Will you give exceptions to them?
All the packages have been updated or upgraded to latest version in the repo. There are 4 CVEs with CVSS score > 9.0. These require upstream kernel patches, i.e.
- Need to state on the security wiki concerning host security. (HW/OS/blueprints)
- blueprint owner develops on their own/controlled system, OS can be modified (full stack)
- blueprint owner only controls above OS level (test environment)
http://nvd.nist.gov/vuln/detail/CVE-2019-19814
http://nvd.nist.gov/vuln/detail/CVE-2018-20839
http://nvd.nist.gov/vuln/detail/CVE-2017-8283
http://nvd.nist.gov/vuln/detail/CVE-2016-1585
- Conformance:
- Sonobuoy is not compatible with KubeEdge architecture. Is it still needed for Release 4?
- Is Sonobuoy still being updated? Why does it not support KubeEdge, it there plans for support?
- Check with BlueVal concerning where Sonobuoy logs/reports are sent.
- Sonobuoy is not compatible with KubeEdge architecture. Is it still needed for Release 4?
Hai joined:
- Stated that they have installed the latest versions of Ubuntu and CentOS in their labs the CVE’s listed above are still there. These vulnerabilities have not been fixed by these OS vendors yet.
Next week:
Marc was hoping that the questions around PKCS11 were going to be discussed...
Srini raised it before.