The EGI Software Vulnerability Group (SVG) Face to Face meeting

Name: The EGI Software Vulnerability Group (SVG) Face to Face meeting
Start: 2015-03-03T09:30:00+01:00
End: 2015-03-03T17:00:00+01:00
Location: nikhef

Tuesday 3 Mar 2015, 09:30 → 17:00 Europe/Amsterdam

H 3.20 (nikhef)

H 3.20

nikhef

Description

This is adjacent to the EGI SPG meeting, which will take place on 4-5th March. Details including registration are available at:

https://www.nikhef.nl/grid/meetings/spgsvg2015/

Registation IS required, and includes the option for either on-site or remote. Remote access details are also available.

Main objective is to discuss how to update the EGI SVG issue handling to take account of the evolving infrastructure and situation. Issue handling procedure last underwent major revision at the start of EGI in late 2010, and was very geared to Grid middleware. In recent months there have been a wider range of vulnerabilities which are relevant to the EGI infrastructure.Th

Most sessions will comprise of a short presentation followed by a discussion. The majority of the time is planned to be spent on discussion and finding solutions rather than on presentations.

- 09:30 → 10:30
  Introduction and vulnerability handling
  
  This will introduce plans for the day.
  
  Then we will discuss the general vulnerability handling, where problems are and how we solve them.
  
  Convener: Linda Cornwall (STFC)
  - 09:30
    
    Welcome, introduction 10m
  - 09:40
    
    SVG issue handling - problems and how to solve them 50m
    
    Is the process working? Where are the problems? How do we solve them?
    
    Slides
- 10:30 → 11:00
  
  Coffee break
- 11:00 → 12:30
  Non-Issue handling SVG matters.
  
  This session covers things other than issue handling.
  - 11:00
    
    Checklist for S/W on infrastructure 30m
    
    Slides
  - 11:30
    
    Vulnerability Assessment 30m
  - 12:00
    
    Security Threat Risk Assessment 30m
    
    Slides
- 12:30 → 13:30
  
  Lunch
- 13:30 → 15:00
  
  Cloud specific Vulnerability issues
  
  This addresses cloud specific issues concerning software vulnerabilities. The main focus is on Software which enables the Cloud, from hypervisors to s/w enabling the federation.
  
  slides
- 15:00 → 15:30
  
  Coffee break
- 15:30 → 17:00
  
  Virtual Machines and vulnerabilities in the Cloud, plus AOB
  
  This focusses on vulnerabilities in the cloud associated with Virtual machines, both images in the AppDB, and images in use.
  
  Then AOB.
  
  slides