2021-06-09 - Anuket: Cloud Infrastructure Security

Owned by Karine Sevilla
Last updated: Jun 10, 2021
1 min read



Topic Leader(s)

  • @Karine Sevilla

  • @Walter.kozlowski

Mediator

  • @Pankaj.Goyal

Topic Overview

60 min @Karine Sevilla , @Walter.kozlowski (Europe & APAC leaders) 

Security is key within a virtualized environment, it's an important topic for Anuket which aims to specify a trusted Cloud Infrastructure for workloads.

During this session, we will discuss the updates made to the Reference Model for Kali release: open source software security, automation security challenges...

Slides & Recording

Recording: Cloud Infrastructure Security.mp4

YouTube

Live Interactive Session





Agenda

  • Reference Model security status

  • GSMA cross collaboration

  • Security updates included in Kali

  • Next steps

Minutes

  • RM Security Chapter 7

  • Cedric Ollivier: recommend to TSC to "Expand CVE from Functest to other Anuket projects and make the req.sec.oss.001 and req.sec.oss.002 requirements mandatory in the Anuket release process."

  • Cedric Ollivier: req.sec.code.004 - IDE Plugins are not the best way to check. It's better to run them in gates and not recommend any IDE.

  • Tools where do they belong – RM, RA, RI and RC?

  • Cédric Ollivier: Trivy is an easy tool to integrate in testing chain, Clair will be more difficult to integrate.

  • Cedric Ollivier: kube-monkey (chaos monkey)

  • The Six Pillars appears to be "waterfall" stages – need to ensure that the activities can be incorporated in an agile methodology too.

Action Items