-
Task
-
Resolution: Done
-
Medium
-
Frankfurt Release
-
VNFRQTS Sprint 32
Current Requirement
The VNF SHOULD have source code scanned using scanning tools (e.g., Fortify) and provide reports.
Proposed Requirement
The VNF provider MUST follow GSMA vendor practices, and <others> when developing the VNF in order to minimize the risk of vulnerabilities. See GSMA NESAS Network Equipment Security Assurance Scheme – Development and Lifecycle Security Requirements Version 1.0 (https://www.gsma.com/security/wp-content/uploads/2019/11/FS.16-NESAS-Development-and-Lifecycle-Security-Requirements-v1.0.pdf) and SEI CERT Coding Standards (https://wiki.sei.cmu.edu/confluence/display/seccode/SEI+CERT+Coding+Standards).
NOTE: Samuli will provide list of references