Jim St. Leger (Intel)
08:34
lfx.dev gets you to the tool suite
Jim St. Leger (Intel)
08:51
under "Tools" you'll see Insights which folks have been using
Jim St. Leger (Intel)
09:05
and Security which was discsussed last week
Jim St. Leger (Intel)
09:48
https://lfx.linuxfoundation.org/tools/security
Glen Darling @mosquito (IBM)
10:14
Thanks, Jim.
Jim St. Leger (Intel)
31:39
For reference: Akraino Security sub-committee that Tina is speaking about https://wiki.akraino.org/display/AK/Security+Sub-committee
Jim St. Leger (Intel)
34:23
maybe add something wrt security report into the annual report elements? (thinking about Anil's comment)
Jim St. Leger (Intel)
35:45
https://wiki.lfedge.org/display/LE/Project+Annual+Reviews
Jim St. Leger (Intel)
38:46
https://bestpractices.coreinfrastructure.org/en
Glen Darling @mosquito (IBM)
50:53
Some ideas proposed in TAC (no firm decisions at this stage, just suggestions):minimum requirement should be that all joining projects need to get onboarded into LX security (e.g., within 90 days of joining)in annual reviews projects must share LX security reportstage 3 projects should have a security policy and provide a limited-access email address for reporting security vulnerabilityall projects should immediately start trying the tool and providing feedback
Jim St. Leger (Intel)
53:40
Great summary Glen. Thank you.