  1. Network Observability
  2. NETOBSERV-195

Security audit + privacy legal compliance

    • Story
    • Resolution: Done
    • FLP
    • NetObserv - Sprint 221, NetObserv - Sprint 222, NetObserv - Sprint 223, NetObserv - Sprint 224, NetObserv - Sprint 225, NetObserv - Sprint 226

      As part of the productization, we'll need to have a security audit on our components, architecture and delivery pipeline.

      Flow capture is extremely sensitive with respect to security. Having BPF programs running in the kernel might also be something to approach very cautiously, including for the threat of supply-chain attacks (e.g. that could lead to leaking undesired data from kernel space?).

      So, in addition to our team working on strengthening the security, we should have it reviewed by experts.

      Note: I've added legal privacy compliance (e.g. GDPR) to this story, but it could be a separate one.

      For an example of how to request a security audit, see also: https://docs.google.com/document/d/1uruzS3fGN6XarCpdFRzWMYYgdFCSD5xUpZAP5gQ_hXA/edit#heading=h.jkwqxvtg2kkw

            mmaciasl@redhat.com Mario Macias (Inactive)
            jtakvori Joel Takvorian