Sylva Strengthens Telco Cloud Security with New Frameworks and Community Expansion
As telecom operators face growing regulatory demands and security challenges, the Sylva Project—a Linux Foundation Europe initiative—is stepping up with new tools and strategies to build a secure-by-design telco cloud infrastructure.
Following a successful Security Workshop held in Rennes on April 15–16, Sylva is announcing a set of major security advancements that bolster the project’s ability to help telecom operators meet evolving European cybersecurity requirements. The two-day event gathered security leaders from Orange, Red Hat, and Thales to align on best practices and define next steps for securing Sylva’s open, production-grade telco cloud stack.
What’s New: Key Security Advancements
Here’s a look at the critical deliverables coming out of the workshop:
✅ EU Cybersecurity Mapping
Sylva completed a detailed mapping of the European Union Cybersecurity Scheme (EU‑CS), streamlining implementation and documentation for operators navigating regulatory compliance.
🔐 Security Hardening Guide
A new Sylva Hardening Guide is in the works, which will provide standardized security controls designed to support operator-level compliance from the start.
🛡 Vulnerability Management Framework
The project introduced a Coordinated Vulnerability Disclosure (CVD) form and drafted a CVE (Common Vulnerabilities and Exposures) management process, applying to all Sylva releases.
🔗 Supply Chain Security Validation
Sylva validated the use of Supply Chain Levels for Software Artifacts (SLSA) and plans to automate future assessments through Conforma. The team also laid the groundwork for collaboration with OpenSSF to strengthen software supply chain security.
👤 Identity and Access Management (IAM)
A draft model for default authorization settings was developed, allowing for more fine-tuned access control—an important step toward meeting both security and compliance needs.
📈 Logging and Event Management
Initial discussions have begun around logging strategies, SIEM integration, and security use cases to improve visibility and detection capabilities within the Sylva ecosystem.
Meet Us at Sylva Summit Europe
These technical advancements will be explored in depth at Sylva Summit Europe, co‑located with Open Source Summit Europe on Thursday, August 28, 2025, at RAI Amsterdam. Tickets are available for $20.
Register now: https://events.linuxfoundation.org/open-source-summit-europe/register/
Get Involved
If you are interested in EU cybersecuritycybersecruity regulations, vulnerability management, supply chain security or any other kubernetes security domain and want to take Syl;va tpo the next level join the working group meetings (Every Monday from 14:00 CET ) or the slack channel
If you are interested in EU cybersecurity regulations, vulnerability management, supply chain security or any other kubernetes security domain and want to take Sylva to the next level join the working group meetings (Every Monday from 14:00 CET ) or the slack channel
https://sylva-projects.slack.com/archives/C06S6JDLN0P
Join the Security Working Group
Want to shape the future of secure telco cloud infrastructure?
We’re actively looking for contributors passionate about:
- EU cybersecurity regulation
- Vulnerability management
- Supply chain security
- Kubernetes security best practices
🗓 Weekly Meetings: Mondays at 14:00 CET
💬 Join us on Slack: #security-wg on Sylva Slack
About the Author(s)
This article has been contributed by the Sylva Project WG05