JIRA Issue

[#XCI-670] Identify partner(s) for security vulnerability assistance

Created: 10/24/2019  Updated: 11/05/2021

Status: In Progress
Project: XSEDE Cyberinfrastructure Integration
Component/s: None
Fix Version/s: PY11 (Sep '21 - Aug '22)

Type: XCI Evaluation
Priority: Normal
Reporter: Lee Liming
Assignee: Derek Simmel
Resolution: Unresolved
Votes: 0

XSEDE Priority: 3.8 UREP
XSEDE Areas:
RACD Integration Services
Use Case Priority: Medium
Public activity link: https://software.xsede.org/display/xci-670
Devel Repository:
Use Cases:
SPI-10: Obtain expert help with resolving a system vulnerability
Effort and Costs:
| Staff Name (Lastname, Firstname) | Effort (person weeks) | Roles or Contributions |
| --- | --- | --- |
| Simmel, Derek | 1 | Coordinate and contribute to deliverables (required) |
| TBD security engineer(s) | 1 | Help identify and evaluate potential partners and online resources, and draft XSEDE documentation referencing recommended partners and online resources (required) |
| SP and XSEDE cybersecurity experts | 0.2 | Provide input on potential online resources |
| SP and XSEDE cybersecurity experts | 0.4 | Review draft recommended partners and online resources documentation (this is considered documentation testing) |
| Due by Activity | Deliverable |
| --- | --- |
| DSR | Design Document* (summary of identified partners and online resources, evaluation notes, and whether each is recommended for specific types of assistance) |
| TRR | Service Provider documentation referencing recommended partners and online resources |
| TRR | Deployment plan* (details where vulnerability assistance documentation will be published) |
| TRR | Partner agreements* (relevant documentation about partner agreements) |
| Deployment | Documentation published* (Shava) |
  • Click on "Deliverables" tab for URL.

DSR by early-January 2022.
TSS and delivery by end of January 2022.

Track status in meeting: yes
Lead Tester: Shava Smallen


Use case SPI-10 describes an XSEDE service provider obtaining help from experts when responding to a security vulnerability in their system. (The vulnerability has been detected via an unspecified mechanism.) This is essentially expertise-as-a-service or specialized consulting.

We need to understand the availability of the necessary expertise to provide this consulting service to XSEDE service providers. The result of this evaluation should be one or more partnership recommendations that XSEDE can pursue in order to provide this experience to service providers.


There are comments for XCI-670 that can be viewed with XSEDE authentication.