The Security Forum is where LFN community members can discuss anything security related. That may include threat analysis, industry trends, best practices, tools, etc.

...

  • OpenSSF badging:
    • Applicability to "non-code" projects
      • David invites review of the best practices, followed by feedback to him
  • Re-starting badging effort
    • Should be possible
  • Training
    • There is an LF certificate that is good for two years
    • Recommend to have one maintainer take at least one course
  • Automatic scorecards
    • Automatically scan the repos
    • SLSA
  • Sigstore
    • Verify public key used
    • Detect malicious signing, revocation
    • Facilitates easy signing of artifacts
    • There are several integrations ready, e.g. Maven
  • Recommendations:
    • Learn to develop secure code
    • OpenSSF badging
    • Use vulnerability tools
    • Monitor for vulnerabilities
    • Enable rapid updates
  • LFX Security Dashboards
    • Already have several of the automated tools integrated
  • Muddasar Ahmed - https://saf.mitre.org/#/ - Security Automation Framework for DevOps pipelines
  • Muddasar Ahmed - Any best practices for people and processes (in addition to the code itself)?
    • The training course is people oriented
    • Some of the badging criteria are process oriented
    • New initiative "Secure Software Factory" - aimed at recommending a pipeline for secure software production
  • Follow-up

Slides: https://docs.google.com/presentation/d/1VrLTfSV4K75XZCG7Mtb00RXQcGJFKk6Y0QQ91BVflCw/edit

Recording: video1793455011.mp4

...

December-12-2021 DDoS mitigation Discussion

Agenda/Minutes:

  • Mon Dec 13, 2021 10am – 11:30am Pacific Time zoom.us/j/95225604398
  • Peraton Labs DDoS Mitigation Technology Overview
    • Slide decks are not available for distribution yet - this is an introduction meeting. A follow-up meeting will be scheduled when slides are available, if necessary.
    • Peraton's project is focused on protecting a network operator's network edge to edge, concentrating on OPS-5G DDoS attacks carried out by bots. The project delivers predominantly software, with some interfaces to hardware (switches). In OPS-5G, network programmability is used as a measure for mitigating attacks (without letting the programmability itself compromise security).
    • Discussion about where the project fits in the LFN landscape.
    • Next steps - Have a slide deck with technical material to share and have a follow-up meeting.

Next steps:


Action Items


March-21-2022 DDoS mitigation Discussion (follow up to Dec 12 discussion)

Agenda/Minutes:

  • This is a follow-up to the December meeting, including technical slides that were not previously available

Next steps:


Action Items


Recording: video1184668288.mp4

Slides: ProD3 overview for LF 20220321.pdf