30 Star 72 Fork 30

EdgeGallery / community

Create your Gitee Account
Explore and code with more than 12 million developers,Free private repositories !:)
Sign up
Clone or Download
README.md 3.93 KB
Copy Edit Raw Blame History
扈冰 authored 2021-06-21 19:13 . update Security WG/README.md.

Security Working Group

Introduction

EdgeGallery security working group dedicated to improve EdgeGallery security through architecture, documentation, code review and vulnerability management.

EdgeGallery security working group is responsible for receiving and responding to security issues reported from the community, providing security guidance and carrying out community security governance.

This directory is used by the security working group to store related documents, such as community security procedures, security guidelines and meeting notes.

Scope

The overall goal for EdgeGallery security working group is to ensure secure and trusted operation of the EdgeGallery platform and MEC applications contributed through it, via focus on:

  • Security of the EdgeGallery platform
    • Project contribution scanning as part of project infrastructure
    • Security of the platform as deployed
  • Trust in MEC applications
  • Vulnerability management

Acceptance Criteria for new feature/PR

All contributors must check and make sure the below criteria's are met before raising Merge/Pull Request. If any violations the request can be rejected.

  • No Major Security vulnerabilities exist in the project/code. (Design guideline issues or Critical and Major static check issues)
  • No known CVE security vulnerabilites exist in project/code. Known CVE security vulnerability not resolved in the industry can be exception for this.
  • All static check tools Critical, Major and Minor issues must be resolve and cleared.

Current Status

The scope above and status related to the goals is summarized in the following table.

Area Goal Status Coordinator
Project contribution scanning EdgeGallery project contributions will be verified to the extent possible as free from issues related to licensing and security vulnerability. Project code scan tools are being assessed.
EdgeGallery platform security EdgeGallery platforms as deployed must be resistant to threats, including common attacks and risk to (or by) platforms integrated with. Assessing detailed goals, capabilities, and gaps. Project PTLs
MEC app security MEC apps as contributed to and distributed through EdgeGallery platform will be verified to the extent possible as free from issues related to bugs and security vulnerability. Assessing detailed goals, capabilities, and gaps.
Vulnerability management Deal with vulnerabilities in a timely manner Assessing detailed goals, capabilities, and gaps. Project PTLs

Members

Name Affiliation Self Nominate as Chair (Y/N) Self Nominate as Co-Chair (Y/N)
袁国平 (Chair) 安恒 - -
周艳兵 Huawei - -
许丹 Huawei - -
扈冰 (Co-Chair) Huawei - Y
  • Initial member signup now open

Mailing List

马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化
1
https://gitee.com/edgegallery/community.git
git@gitee.com:edgegallery/community.git
edgegallery
community
community
master

Search

344bd9b3 5694891 D2dac590 5694891