SVG:Scope

From EGIWiki
Revision as of 21:00, 19 October 2020 by Litmaath (talk | contribs) (improved link appearance)
Jump to: navigation, search
Main page Software Security Checklist Issue Handling Advisories Notes On Risk Advisory Template More

Scope


The Scope of SVG going forwards in the EOSC era has been discussed at by SVG in recent weeks.

At the time of writing (October 2020) this is summarized as follows:--

EGI

EGI UMD and EGI CMD

Relevant Linux OS distributions, including RedHat Enterprise Linux (RHEL), CentOS, Extra Packages for Enterprise Linux (or EPEL). Other services may find advisories related to these versions of Linux useful.

Other software we (the SVG RAT) know is used on the infrastructure and possibly affected by security concerns (e.g. Singularity).

Other relevant software used in EGI covered by Deployment Expert Group (DEG).

Noting that scope even within EGI depends on participation in DEG, due to proliferation of software and service types.

Hub Portfolio

https://wiki.eosc-hub.eu/pages/viewpage.action?spaceKey=EOSC&title=The+Hub+portfolio

People with expertise in the Hub Portfolio must be in the DEG in order for this to work.

EGI and the Hub Portfolio are at present the main services we consider to be covered by SVG, and we will focus getting DEG members on this basis.

Centrally operated services

SVG is primarily designed to handle vulnerabilities relevant to the distributed computing infrastructure. But we will help where possible with the centrally operated services, including collaboration tools, as we are all dependent on them. This includes services and tools like RT, Confluence, repository.egi.eu and DOCDB.

EUDAT

We consider it would be good if EUDAT services were also included.

Services in the EOSC catalogue - full range NOT included

The full range of services in the EOSC catalogue services are not included. However, there should be a place where security problems can be reported, and we will encourage good practice - possibly via the WISE community Details will be discussed at a later date.