Executive Summary: A service provider or campus IT administrator needs to use an automated vulnerability scanning service to test their system for vulnerabilities.
This Capability Delivery Plan proposes the XSEDE XCI team conduct an evaluation of available services to identify candidates for a partnership that would satisfy this use case. The effort required for this evaluation is estimates at 4 person-weeks, but the majority of that effort will be collaborating with subject matter experts on cybersecurity and vulnerability identification to determine the specific evaluation criteria for candidate services. Ideally, the evaluation will result in a recommendation for one or more partnerships XSEDE can pursue in order to provide this capability to its service providers.
|Component||User facing?||Component’s role in the capability|
|Community Software Repository (CSR)||yes||The Community Software Repository (CSR) includes a web portal for service providers with customized features, satisfying Step 1 of this use case's user experience. ("First, the service provider visits the community’s website (or website section) for service providers, and locates the vulnerability scanning service.") It does not provide the vulnerability scanning service piece, though.|