Security & Observability SME seat
Draft updated for Review
Security and Observability SME seat role definition
The scope of this seat will include, but not be limited to:
The role of the security and observability SME is to work with project TSCs, the TAC and the LFNGB to improve the security of the code produced by LFN projects and to advance the use of open source technology for building a holistic observability framework, with best practices encompassing the network fabric.
Implementing a more secure software development culture:
Secure software development best practices and tools (e.g. from the survey table),
Software development best practices and tools that decrease the vulnerabilities in LFN project code (code scanning, package upgrades),
Software supply chain security best practices (SBOM, code/container signing) to increase the security transparency of LFN project code,
LFIT security practice improvement,
OpenSSF badging assistance.
Identify cross open source project security issues and provide action recommendations.
Keep track of regulatory cyber security requirements (such as the US government security mobilization plan and the EU Cyber Resilience Act) and identify touch points for LFN projects.
Providing subject matter expertise to the TAC.
Advising the TAC on security-related issues.
Network Observability: Serve as the primary architect for how telemetry, monitoring, and analysis evolve across our ecosystem. The role is to ensure that LFN projects don't just "generate data," but provide the deep, actionable insights required for modern automated networking.
Horizon Scanning & Technical Research: Proactively track global developments in observability (e.g., eBPF, OpenTelemetry, Flow-based analysis, and AI-driven anomaly detection). Evaluate how "state of the art" cloud-native observability patterns can be effectively translated to complex networking environments like RAN, Core, and Edge.
Standardization of Best Practices: Develop and maintain a comprehensive set of observability best practices for LFN. This includes defining consistent schemas for logs, metrics, and traces to ensure interoperability and a unified "single pane of glass" experience across different open-source networking stacks.
Cross-Project Technical Guidance: Act as a hands-on consultant for LFN projects. Provide architectural reviews and guidance to help project maintainers integrate observability frameworks natively into their codebases, moving the ecosystem toward "observability by design."
Strategic TAC Briefing: Serve as the bridge between the observability community and LFN leadership. Provide regular, high-level briefings to the Technical Advisory Committee on emerging trends, potential gaps in the LFN portfolio, and strategic recommendations for new project pivots or partnerships.
Approved security scope:
The scope of this seat will include, but not be limited to:
The role of the security SME is to work with project TSCs, the TAC and the LFNGB to improve the security of the code produced by LFN projects by
Implementing a more secure software development culture:
Secure software development best practices and tools (e.g. from the survey table),
Software development best practices and tools that decrease the vulnerabilities in LFN project code (code scanning, package upgrades),
Software supply chain security best practices (SBOM, code/container signing) to increase the security transparency of LFN project code,
LFIT security practice improvement,
OpenSSF badging assistance.
Identify cross open source project security issues and provide action recommendations.
Keep track of the Open Source Software Security Mobilization Plan implementation and identify touch points for LFN projects.
Providing subject matter expertise to the TAC.
Advising the TAC on security-related issues.