XSEDE Capability Delivery Plan for "SPI-09: Test a system for vulnerabilities using an automated service"

Use Case SPI-09: Test a system for vulnerabilities using an automated service

Area: Community Building
URLs: Review

Executive Summary: A service provider or campus IT administrator needs to use an automated vulnerability scanning service to test their system for vulnerabilities.

Organization: 
XSEDE
First CDP: 2019-10-24
Current CDP: 2019-10-24
Current Implementation Status: 
Issues to be Addressed: 
Time & Effort Summary: 

This Capability Delivery Plan proposes the XSEDE XCI team conduct an evaluation of available services to identify candidates for a partnership that would satisfy this use case. The effort required for this evaluation is estimates at 4 person-weeks, but the majority of that effort will be collaborating with subject matter experts on cybersecurity and vulnerability identification to determine the specific evaluation criteria for candidate services. Ideally, the evaluation will result in a recommendation for one or more partnerships XSEDE can pursue in order to provide this capability to its service providers.

Significant Revisions:
This capability is currently supported by the following 1 components:
Component User facing? Component’s role in the capability
Community Software Repository (CSR) yes The Community Software Repository (CSR) includes a web portal for service providers with customized features, satisfying Step 1 of this use case's user experience. ("First, the service provider visits the community’s website (or website section) for service providers, and locates the vulnerability scanning service.") It does not provide the vulnerability scanning service piece, though.