The Linux Foundation Projects
Skip to main content

Join us at Sylva Summit on August 28, co-located with Open Source Summit in Amsterdam. Register Now!

Blog

Sylva Strengthens Telco Cloud Security

By July 8, 2025No Comments

Sylva Strengthens Telco Cloud Security with New Frameworks and Community Expansion

As telecom operators face growing regulatory demands and security challenges, the Sylva Project—a Linux Foundation Europe initiative—is stepping up with new tools and strategies to build a secure-by-design telco cloud infrastructure.

Following a successful Security Workshop held in Rennes on April 15–16, Sylva is announcing a set of major security advancements that bolster the project’s ability to help telecom operators meet evolving European cybersecurity requirements. The two-day event gathered security leaders from Orange, Red Hat, and Thales to align on best practices and define next steps for securing Sylva’s open, production-grade telco cloud stack.

What’s New: Key Security Advancements

Here’s a look at the critical deliverables coming out of the workshop:

✅ EU Cybersecurity Mapping

Sylva completed a detailed mapping of the European Union Cybersecurity Scheme (EU‑CS), streamlining implementation and documentation for operators navigating regulatory compliance.

🔐 Security Hardening Guide

A new Sylva Hardening Guide is in the works, which will provide standardized security controls designed to support operator-level compliance from the start.

🛡 Vulnerability Management Framework

The project introduced a Coordinated Vulnerability Disclosure (CVD) form and drafted a CVE (Common Vulnerabilities and Exposures) management process, applying to all Sylva releases.

🔗 Supply Chain Security Validation

Sylva validated the use of Supply Chain Levels for Software Artifacts (SLSA) and plans to automate future assessments through Conforma. The team also laid the groundwork for collaboration with OpenSSF to strengthen software supply chain security.

👤 Identity and Access Management (IAM)

A draft model for default authorization settings was developed, allowing for more fine-tuned access control—an important step toward meeting both security and compliance needs.

📈 Logging and Event Management

Initial discussions have begun around logging strategies, SIEM integration, and security use cases to improve visibility and detection capabilities within the Sylva ecosystem.

Meet Us at Sylva Summit Europe

These technical advancements will be explored in depth at Sylva Summit Europe, co‑located with Open Source Summit Europe on Thursday, August 28, 2025, at RAI Amsterdam. Tickets are available for $20.
Register now: https://events.linuxfoundation.org/open-source-summit-europe/register/

 

Get Involved

If you are interested in EU cybersecuritycybersecruity regulations, vulnerability management, supply chain security or any other kubernetes security domain and want to take Syl;va tpo the next level join the working group meetings (Every Monday from 14:00 CET ) or the slack channel  

If you are interested in EU cybersecurity regulations, vulnerability management, supply chain security or any other kubernetes security domain and want to take Sylva to the next level join the working group meetings (Every Monday from 14:00 CET ) or the slack channel
https://sylva-projects.slack.com/archives/C06S6JDLN0P

Join the Security Working Group

Want to shape the future of secure telco cloud infrastructure?
We’re actively looking for contributors passionate about:

  1. EU cybersecurity regulation
  2. Vulnerability management
  3. Supply chain security
  4. Kubernetes security best practices

🗓 Weekly Meetings: Mondays at 14:00 CET
💬 Join us on Slack: #security-wg on Sylva Slack

About the Author(s)

This article has been contributed by the Sylva Project WG05