Security Working Group Meetings

Meetings will be biweekly on Wednesdays at 8 AM PT, starting February 15, 2023.

This document will contain an agenda for each meeting. To reserve time for a topic, add it here. Review of open tickets will be a recurring topic.

This document may contain notes on follow-ups.

February 15, 2023

Attendees

• Nils Semmelrock (TNG, devops)

• Som Sikdar (Meta, PM)

• Jordan Vrtanoski (Connect5G, TSC chair)

• Lucas Gonze (OSPOCO, security TPM)

• Micky Kumar (Wavelabs, testing)

• Prabina (Wavelabs, data plane, MME)

• Tapas (Wavelabs, devops, CI/CD)

• Bikram (Wavelabs, CI/CD)

Agenda

• Big picture "Near-Future of Magma Security"

• Credential handling is revised #14947

• Review open tickets

• Task List, Prioritized

Follow-ups

• Increase frequency to weekly, possibly with a smaller group

• Submit proposal on OpenSSF Scorecard to TSC. Program management on results. Make the scorecard value visible e.g. in a badge on the repo.

• Triage project board and consolidate documents. Create a single source of truth for security program management.

• Add security review to design phase and PR review or design review. Develop community processes to incorporate this. Document.

• Sytematize onboarding and offboarding. Review current membership. Consider a requirement that tokens and keys have expiration.

March 1, 2023

Agenda

• Review open tickets

• TBD

Follow-ups

• TBD