JIRA Issue

[#XCI-670] Identify partner(s) for security vulnerability assistance

[XCI-670] Identify partner(s) for security vulnerability assistance Created: 10/24/2019  Updated: 02/03/2022

Status: In Progress
Project: XSEDE Cyberinfrastructure Integration
Component/s: None
Fix Version/s: PY11 (Sep '21 - Aug '22)

Type: XCI Evaluation Priority: Normal
Reporter: Lee Liming Assignee: Derek Simmel
Resolution: Unresolved Votes: 0

XSEDE Priority: 3.8 UREP
XSEDE Areas:
RACD Integration Services
Use Case Priority: Medium
Public activity link: https://software.xsede.org/display/xci-670
Devel Repository:
Hide
https://software.xsede.org/svn/xci/activities/xci-670/trunk/
Show
https://software.xsede.org/svn/xci/activities/xci-670/trunk/
Use Cases:
SPI-10: Obtain expert help with resolving a system vulnerability
Effort and Costs:
Staff Name (Lastname, Firstname) Effort (person weeks) Roles or Contributions
Simmel, Derek 1 Coordinate and contribute to deliverables (required)
TBD security engineer(s) 1 Help identity and evaluate potential partners and online resources, and draft XSEDE documentation referencing recommended partners and online resources (required )
SP and XSEDE cybersecurity experts 0.2 Provide input on potential online resources
SP and XSEDE cybersecurity experts 0.4 Review draft recommended partners and online resources documentation (this is considered documentation testing)
Deliverables:
Due by Activity Deliverable
DSR Design Document* (summary of identified partners and online resources, evaluation notes, and whether each is recommended for specific types of assistance)
TRR Service Provider documentation referencing recommended partners and online resources
Deployment Documentation published* (Shava)
Deployment Appropriate groups notified of the new documentation (Shava)
  • Click on "Deliverables" tab for URL.

DSR by end of March 2022.
Deliverables done by end of April 2022.
Track status in meeting: yes
Lead Tester: Shava Smallen Shava Smallen

 Description   

Use case SPI-10 describes an XSEDE service provider obtaining help from experts when responding to a security vulnerability in their system. (The vulnerability has been detected via an unspecified mechanism.) This is essentially expertise-as-a-service or specialized consulting.

We need to understand the availability of the necessary expertise to provide this consulting service to XSEDE service providers. The result of this evaluation should be one or more partnership recommendations that XSEDE can pursue in order to provide this experience to service providers.

 Comments   

There are comments for XCI-670 that can be viewed with XSEDE authentication.

National Science Foundation (NSF)

© XSEDE All Rights Reserved. Visit the Feedback page for assistance or to provide feedback.
The Extreme Science and Engineering Discovery Environment is supported by the National Science Foundation.
Administrative Login