Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "SVG:Scope"

From EGIWiki
Jump to navigation Jump to search
m (fixed links)
Line 35: Line 35:
==Services in the EOSC catalogue - full range NOT included==  
==Services in the EOSC catalogue - full range NOT included==  


The full range of services in the service catalogue [ https://marketplace.eosc-portal.eu/services   https://marketplace.eosc-portal.eu/services ] services are not included.   
The full range of services in the service catalogue [https://marketplace.eosc-portal.eu/services https://marketplace.eosc-portal.eu/services] services are not included.   
However, there should be a place where security problems can be reported, and we will encourage good practice - possibly via [ https://wise-community.org/ the WISE community]   
However, there should be a place where security problems can be reported, and we will encourage good practice - possibly via [https://wise-community.org/ the WISE community]   
Details will be discussed at a later date.
Details will be discussed at a later date.

Revision as of 19:58, 19 October 2020

Main page Software Security Checklist Issue Handling Advisories Notes On Risk Advisory Template More

Scope


The Scope of SVG going forwards in the EOSC era has been discussed at by SVG in recent weeks.

At the time of writing (October 2020) this is summarized as follows:--

EGI

EGI UMD and EGI CMD

Relevant Linux OS distributions, including RedHat Enterprise Linux (RHEL), CentOS, Extra Packages for Enterprise Linux (or EPEL). Other services may find advisories related to these versions of Linux useful.

Other software we (the SVG RAT) know is used on the infrastructure and possibly affected by security concerns (e.g. Singularity).

Other relevant software used in EGI covered by Deployment Expert Group (DEG).

Noting that scope even within EGI depends on participation in DEG, due to proliferation of software and service types.

Hub Portfolio

https://wiki.eosc-hub.eu/pages/viewpage.action?spaceKey=EOSC&title=The+Hub+portfolio

People with expertise in the Hub Portfolio must be in the DEG in order for this to work.

EGI and the Hub Portfolio are at present the main services we consider to be covered by SVG, and we will focus getting DEG members on this basis.

Centrally operated services

SVG is primarily designed to handle vulnerabilities relevant to the distributed computing infrastructure. But we will help where possible with the centrally operated services, including collaboration tools, as we are all dependent on them. This includes services and tools like RT, Confluence, repository.egi.eu and DOCDB.

EUDAT

We consider it would be good if EUDAT services were also included.

Services in the EOSC catalogue - full range NOT included

The full range of services in the service catalogue https://marketplace.eosc-portal.eu/services services are not included. However, there should be a place where security problems can be reported, and we will encourage good practice - possibly via the WISE community Details will be discussed at a later date.