Release Requirements: REQ-443

CONTINUATION OF BEST PRACTICES BADGING SCORE IMPROVEMENTS FOR SILVER LEVEL


    • Type: Epic
    • Resolution: Unresolved
    • Priority: Highest
    • Honolulu Release
    • None
    • CII Badging updates
    • Best Practice (global - all code)
    • 1
    • Not required
    • Original Scope
    • XS
    • GO
    • GO
    • GO

      Description of Use Case / Requirement:

      ONAP projects will provide their feedback for the Application Security questions:

      1. Crypto Credentials Agility – ½ of apps are marked Met and almost half have not yet answered
      2. Implement Secure Design – 1/3 of projects did not answer
      3. Crypto Weaknesses – tests to be applied (3 including Morgan)
        • 39 crypto weaknesses have been discovered in the SonarQube scans, each of which can be fixed by changing a value in the code (requires less than 30 min of work by a developer). SECCOM can provide recommendations
        • 134 instances of bypassed host verification or certificate validation have been identified in the code, which need to be reviewed with the PTLs
      4. For Istanbul, the security issues we will concentrate on are:
        • Command injection - 1 issue found in 1 project
        • SQL injection - 5 issues found in 4 projects
        • XSS (cross-site scripting) - 11 issues found in 7 projects
        • XXE (XML External Entity) - 38 issues found in 13 projects

        Projects that have already answered this question positively should verify that the answer is still correct.

      Should be the Assignee (use @ notation): TonyLHansen, zwarico, Pawel_P

      Link to HLD/LLD (if any):

      Dependency Relationships with Other Projects:

      Project Impact (Test Only (TO), Code (C)): C **

      Support Status for each Affected Project (Supported (S); Partially Supported (P); Not Supported (N)):

      Note: for any affected projects labeled 'P' or 'N', please document the resulting gaps.

      Integration Leads (use @ notation):

      Company Engagement:
