Security is critical to building a successful software-defined networking platform. Shifting the implementation of networking features from hardware and proprietary software to open source software has many benefits, but the software must be secure. Building and maintaining secure software is a difficult process that requires community members with different roles and skills to collaborate quickly and effectively. This presentation will outline the current status of OpenDaylight’s security response and secure development processes, and then provide a vision for evolving these processes to surpass those of proprietary vendors. It will cover:
- Security training for developers
- Identifying security vulnerabilities during code review
- Automated QE/CI tests to catch security flaws and regressions
- Managing vulnerabilities in dependencies
- Responding to critical vulnerabilities