...
- Retire technical debt.
- Include vulnerability management.
- Identify and remove unmaintained code from release package.
- Upgrade dependencies (libraries, databases, language versions).
- Interface security (APIs, GUIs, portals).
- Remove all secrets from code.
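The last item above is the one that is cheapest to check mechanically before a release package is cut. The following is an added example, not LFN or ONAP tooling: a small scanner that walks a source tree and reports hard-coded credentials, cloud access-key identifiers, private-key blocks, and high-entropy quoted strings that no keyword rule names. The sample tree, rule set, threshold and the names `SAMPLE_TREE`, `Finding`, `scan_line` and `scan_tree` are all constructed for this illustration; the only real-world constant is the AWS-published example access key id, used because a real one must never appear in a page like this.

```python
"""Added example: secret scan over a source tree prior to packaging a release.
Hypothetical code, not an LFN/ONAP tool; the sample tree below is constructed."""
import math
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample repository: path -> contents. Not real project files.
SAMPLE_TREE = {
    "src/config.py": (
        "DB_HOST = 'db.internal'\n"
        "DB_PASSWORD = 'Tr0ub4dor&3'           # hard-coded credential\n"
        "API_TOKEN = os.environ['API_TOKEN']   # fine: read at runtime\n"
        "default_cookie = \"kJ8dQ2mN4pX7vL1wS9bT3yR6zC0aE5hG\"  # no keyword, high entropy\n"
    ),
    "deploy/values.yaml": (
        "image: registry.example/onap-app:1.2.3\n"
        "awsAccessKeyId: AKIAIOSFODNN7EXAMPLE    # AWS's published example key id\n"
    ),
    "README.md": "Set DB_PASSWORD in your environment before starting.\n",
}

# A keyword followed by an assignment to a quoted literal. Reading the value
# from the environment or a vault does not match, which is the desired behaviour.
KEYWORD_RULE = re.compile(
    r"(?i)(?:passw(?:or)?d|secret|api[_-]?key|token)\s*[:=]\s*['\"](?P<secret>[^'\"]{6,})['\"]"
)
AWS_KEY_RULE = re.compile(r"\b(?P<secret>AKIA[0-9A-Z]{16})\b")
PRIVATE_KEY_RULE = re.compile(r"(?P<secret>-----BEGIN (?:[A-Z ]+ )?PRIVATE KEY-----)")
QUOTED_STRING = re.compile(r"['\"](?P<secret>[A-Za-z0-9+/=_\-]{20,})['\"]")
ENTROPY_THRESHOLD = 3.5  # bits/char; identifiers and prose sit well below, random tokens above


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    rule: str
    excerpt: str  # the offending line with the secret itself masked


def shannon_entropy(s: str) -> float:
    """Bits per character of the string's empirical symbol distribution."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def redact(line: str, secret: str) -> str:
    """Keep the context of the hit but never copy the secret into a report."""
    return line.strip().replace(secret, "****")


def scan_line(path: str, lineno: int, line: str) -> list[Finding]:
    findings = []
    for rule_name, rule in (("hardcoded-credential", KEYWORD_RULE),
                            ("aws-access-key-id", AWS_KEY_RULE),
                            ("private-key-block", PRIVATE_KEY_RULE)):
        m = rule.search(line)
        if m:
            findings.append(Finding(path, lineno, rule_name, redact(line, m.group("secret"))))
    # Entropy rule: catches random tokens assigned under a name no keyword rule knows.
    # Skipped when a keyword rule already fired so one line yields one finding.
    if not findings:
        for m in QUOTED_STRING.finditer(line):
            if shannon_entropy(m.group("secret")) >= ENTROPY_THRESHOLD:
                findings.append(Finding(path, lineno, "high-entropy-string",
                                        redact(line, m.group("secret"))))
                break
    return findings


def scan_tree(tree: dict[str, str]) -> list[Finding]:
    """Scan every file in the (path -> contents) mapping; order follows the mapping."""
    findings = []
    for path, contents in tree.items():
        for lineno, line in enumerate(contents.splitlines(), start=1):
            findings.extend(scan_line(path, lineno, line))
    return findings


if __name__ == "__main__":
    for f in scan_tree(SAMPLE_TREE):
        print(f"{f.path}:{f.line}: {f.rule}: {f.excerpt}")
```

Run against the constructed tree it reports three lines: the quoted password, the access key id in the Helm values, and the unnamed random token, while the `os.environ` read and the README sentence that merely mentions `DB_PASSWORD` pass. The entropy rule is what makes the scan useful beyond a grep: a token does not need a telling variable name to be a secret. In a real pipeline this runs on every change, not only at release time, because a secret that was ever committed is already compromised and must be rotated, not just deleted.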
Goal for LFN projects: create an LFN security cookbook that documents how security best practices and tools can be implemented and used across LFN projects.
Starting point: ONAP implementation of Security Best Practices, LFX security.
Documentation
- Provide security transparency to the users of the open source code.
- Known open vulnerabilities in project code and dependent packages.
- Vulnerabilities closed in the release by fixing code and upgrading packages.
- Secure and resilient configuration settings
- Integration points with external security systems
  - Certificate Authority (CA)
  - Certificate management protocol support
  - LDAP
  - OAuth Authorization Server
  - Log management systems
- Language version dependencies
- Third party component and version dependencies
  - databases such as Cassandra
  - messaging such as Kafka
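The two vulnerability items in the documentation list above (open vulnerabilities in dependent packages, and vulnerabilities closed in the release by upgrading packages) can be produced from data rather than written by hand. The following is an added example, not LFN or ONAP tooling: given the dependency manifest of the previous release, the manifest of the current release, and an advisory feed, it computes which advisories are still open and which were closed by the upgrades. The manifests, the `Advisory` record, the advisory identifiers (`ADV-000n`, deliberately not real CVE ids), the package names and every version number are constructed for this illustration, and the version comparison assumes plain dotted numeric versions.

```python
"""Added example: derive the per-release open/closed vulnerability data from two
dependency manifests and an advisory feed. Hypothetical, not LFN tooling; all
manifests, packages, versions and advisory ids below are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:
    id: str          # placeholder identifier, not a real CVE
    package: str
    introduced: str  # first affected version (inclusive)
    fixed: str       # first fixed version (exclusive); "" means no fix released
    summary: str


# Constructed advisory feed; the summaries are illustrative only.
ADVISORIES = [
    Advisory("ADV-0001", "kafka-client", "2.0.0", "2.8.1", "deserialization flaw (constructed)"),
    Advisory("ADV-0002", "cassandra-driver", "3.0.0", "3.11.2", "auth bypass (constructed)"),
    Advisory("ADV-0003", "log-util", "1.0.0", "", "remote code execution, no fix yet (constructed)"),
    Advisory("ADV-0004", "http-lib", "4.0.0", "4.5.0", "request smuggling (constructed)"),
]

# Constructed manifests: package -> pinned version in each release.
PREVIOUS_RELEASE = {"kafka-client": "2.7.0", "cassandra-driver": "3.10.0",
                    "log-util": "1.2.0", "http-lib": "4.6.0"}
CURRENT_RELEASE = {"kafka-client": "2.8.1", "cassandra-driver": "3.11.0",
                   "log-util": "1.2.0", "http-lib": "4.6.0"}


def parse_version(v: str) -> tuple[int, ...]:
    """Assumption: dotted numeric versions. Tuple comparison keeps 3.11 above 3.9,
    which plain string comparison would get wrong."""
    return tuple(int(part) for part in v.split("."))


def is_affected(adv: Advisory, version: str) -> bool:
    v = parse_version(version)
    if v < parse_version(adv.introduced):
        return False
    if adv.fixed and v >= parse_version(adv.fixed):
        return False
    return True


def open_advisories(release: dict[str, str]) -> list[Advisory]:
    """Advisories whose package is shipped in the release at an affected version."""
    return [a for a in ADVISORIES
            if a.package in release and is_affected(a, release[a.package])]


def release_report(previous: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """'closed': open in the previous release, not in this one.
    'open': still affecting the current release, including unfixed upstream issues."""
    prev_open = {a.id for a in open_advisories(previous)}
    cur_open = {a.id for a in open_advisories(current)}
    return {"closed": sorted(prev_open - cur_open), "open": sorted(cur_open)}


def render_report(previous: dict[str, str], current: dict[str, str]) -> str:
    """Plain-text section suitable for pasting into release notes."""
    by_id = {a.id: a for a in ADVISORIES}
    report = release_report(previous, current)
    lines = ["Vulnerabilities closed in this release:"]
    lines += [f"  {i}: {by_id[i].package} -> {current[by_id[i].package]} ({by_id[i].summary})"
              for i in report["closed"]] or ["  none"]
    lines.append("Known open vulnerabilities in dependent packages:")
    lines += [f"  {i}: {by_id[i].package} {current[by_id[i].package]}, "
              f"fixed in {by_id[i].fixed or 'no fix released'} ({by_id[i].summary})"
              for i in report["open"]] or ["  none"]
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_report(PREVIOUS_RELEASE, CURRENT_RELEASE))
```

The constructed data is chosen to show the two cases a release note must distinguish: the Kafka client upgrade reaches the fixed version and closes ADV-0001, whereas the Cassandra driver was upgraded but stopped one patch level short of the fix, so ADV-0002 remains open and must be listed as such rather than counted as addressed. Real manifests need the ecosystem's own version semantics (Maven, PEP 440, semver pre-release tags) in place of the dotted-numeric assumption here.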
...