|
Re: Security challenges at LFE
Shuli Goodman
I would like to second this - this is not a nice to have…it is critical for us to continue to stay in front of security.
toggle quoted messageShow quoted text
Please chime in. Let's get some ideas out. Thanks! Shuli l. shuli rose goodman phd. executive director, LF Energy a Linux Foundation project web: https://lfenergy.org twitter: @LFE_Foundation +++++++++++++++++++++++++++
|
||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||
|
Security challenges at LFE
Mirz, Markus <mmirz@...>
Hello,
after collecting material on the wiki page (https://wiki.lfenergy.org/display/HOME/Security+Working+Group) and in the mail thread “Resources on security”, it would be great to summarize the security challenges seen specifically in the context of LFE. This could become another section on the wiki page.
Please let us know in this thread if you would like to contribute to this summary.
Thanks Markus
|
||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||
|
Re: Resources on security
Markus,
Here is my comment:
Consider adopting an open source SBOM based Vulnerability Disclosure Report (VDR) XML schema to report on SBOM component level NIST NVD search results and vendor known vulnerability status information: https://github.com/rjb4standards/REA-Products/raw/master/SAGVulnDisclosure.xsd SAMPLE VDR is available here: https://github.com/rjb4standards/REA-Products/blob/master/SAGVulnDisclosureSAG-PM.xml
Explanation of how VDR information is used during an SBOM C-SCRM software risk assessment is available here: https://www.linkedin.com/posts/richard-dick-brooks-8078241_how-does-vendor-provided-software-vulnerability-activity-6860955924933165056-mMcQ
Thanks,
Dick Brooks Never trust software, always verify and report! ™ http://www.reliableenergyanalytics.com Email: dick@... Tel: +1 978-696-1788
From: security@... <security@...> On Behalf Of Mirz, Markus
Sent: Tuesday, November 2, 2021 11:32 AM To: security@... Subject: [Security WG] Resources on security
Dear all,
To facilitate the collection of resources on security topics, I would suggest that we use this mail thread to propose links etc. Please just drop your ideas here and I will update the wiki page: https://wiki.lfenergy.org/display/HOME/Security+Working+Group I hope that this facilitates the process compared to updating the wiki page directly 😉
Cheers Markus
|
||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||
|
Resources on security
Mirz, Markus <mmirz@...>
Dear all,
To facilitate the collection of resources on security topics, I would suggest that we use this mail thread to propose links etc. Please just drop your ideas here and I will update the wiki page: https://wiki.lfenergy.org/display/HOME/Security+Working+Group I hope that this facilitates the process compared to updating the wiki page directly 😉
Cheers Markus
|
||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||
|
LFE Security Workshop
Shuli Goodman
I am canceling this meeting. Bart will follow up. Thanks,
|
||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||
|
SaveTheDate for a European TSO / DSO "Cybersecurity: Data Sharing” webinar event on October 7th, 2020
boris.dolley@...
"Ce message est destiné exclusivement aux personnes ou entités auxquelles il est adressé et peut contenir des informations privilégiées ou confidentielles. Si vous avez reçu ce document par erreur, merci de nous l'indiquer par retour, de ne pas le transmettre et de procéder à sa destruction. This message is solely intended for the use of the individual or entity to which it is addressed and may contain information that is privileged or confidential. If you have received this communication by error, please notify us immediately by electronic mail, do not disclose it and delete the original message."
|
||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||
|
Invitation: LFE Security Workshop @ Wed Sep 2, 2020 8am - 10am (PDT) (security@lists.lfenergy.org)
Shuli Goodman
|
||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||
|
Architecture meetings this week
Jeffrey Osier-Mixon <josiermixon@...>
Hi all - in preparation for the architecture meetings this week, I wanted to make sure everyone had the meetings on their calendars, the existing architecture deck, and the agenda for the meetings. Please let me know if you have any questions. Meetings: Monday 8:30am - 10:30am PDT - Functional Architecture Monday 12:00pm - 2:00pm PDT - Technical Architecture Thursday 8:30am - 10:00am PDT - Data Architecture All meetings will be held on zoom: https://zoom.us/j/9332682426 A folder with agenda doc, taxonomy sheet, and original deck is here. I will be updating these during the meetings. Agenda: Functional Architecture
-- Jeffrey "Jefro" Osier-Mixon | Linux Foundation | linuxfoundation.org
|
||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||
|
Invitation: LF Energy Architecture @ Wed Mar 18, 2020 7:30am - 9am (PDT) (security@lists.lfenergy.org)
Jeffrey Osier-Mixon <josiermixon@...>
|
||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||
|
Booting up architecture meetings
Jeffrey Osier-Mixon <josiermixon@...>
Hi folks - Shuli and I met today with Benoit and Justin to discuss the path forward for the LF Energy architecture discussions. We have a few other special-interest groups as well (security and iot) that are dependent on, and which feed into, the architecture discussion. What we'd like to do to get all of these groups in sync is to start with an overall architecture meeting and discussion in a few weeks to do a level-set on the work already done and to lay the ground work for future discussions on all of these topics. After that, we can divide into separate discussions on security, iot, and other topics that the group will define, with the overall goal to form a comprehensive architecture for the power systems of the 21st century. The current date is March 18 at 7:30am PST, 4:30pm CET. Hope to talk to you all then. Jeffrey "Jefro" Osier-Mixon | Linux Foundation | linuxfoundation.org
|
||||||||||||||||||||||||||||
|
|
| 1 - 10 of 10 |