Story
Resolution: Done
NetObserv - Sprint 221, NetObserv - Sprint 222, NetObserv - Sprint 223, NetObserv - Sprint 224, NetObserv - Sprint 225, NetObserv - Sprint 226
As part of the productization, we'll need to have a security audit on our components, architecture and delivery pipeline.
Flow capture is extremely sensitive with respect to security. Having BPF programs running in the kernel might also be something to treat very cautiously, including for the threat of supply-chain attacks (e.g. that could lead to leaking undesired data from kernel space?).
So, in addition to our team working on strengthening the security, we should have it reviewed by experts.
Note: I've added legal privacy compliance (e.g. GDPR) to this story, but it could be a separate one.
For an example of how to request a security audit, see also: https://docs.google.com/document/d/1uruzS3fGN6XarCpdFRzWMYYgdFCSD5xUpZAP5gQ_hXA/edit#heading=h.jkwqxvtg2kkw
- relates to: NETOBSERV-309 Security hardening (Closed)