This is a reminder of the OpenBMC Security Working Group meeting scheduled for this Wednesday October 14 at 10:00am PDT.

We'll discuss the following items on the agenda, and anything else that comes up:
  1. (Joseph): Follow up from 2020-8-19: Gerrit code review: BMCWeb webUI login change: Question: What are the security risks of using the proposed config flag BMCWEB_INSECURE_ENABLE_UNAUTHENTICATED_ASSETS=YES?
    1. Fingerprinting (leak information about the BMC’s manufacturer and version).
    2. Attackers have an easier time getting the code to find and exploit security bugs.
    3. May make DoS easier.
    4. More?
  2. (Joseph): Per do we agree on the approach?  What security categories seem most important?
Access, agenda and notes are in the wiki:
