Remote Code Execution in N2VC/LCM


Pedro Escaleira   April 2024

By Pedro Escaleira, IT Aveiro and OSM TSC Member, on behalf of OSM TSC.

The N2VC OSM's module executes shell code in the LCM container to interact with Helm and Kubectl. However, the executed code is obtained from some user-provided values, a portion of which is validated using an incomplete deny list, allowing an attacker to craft an exploit to execute arbitrary code.

OSM Community Awards Best OSM#15 Hackfest Challenge Solvers

June 2023 

By Gerardo Garcia, Telefonica and OSM TSC Chair, on behalf of OSM#15 Challenge mentors

The OSM Community met in Castelldefels, Barcelona, hosted by CTTC, for a Hackfest in the form of several self-contained development-oriented challenges, mentored by key members of the community.
The OSM#15 Hackfest ran for a whole week,  from 12 to 16 June, co-located with the OSM#15 Plenary meeting and OSM#15 Ecosystem Day

Deploying a V2X Stack Solution in Edge Environments for Improving Mobility Safety with  OSM

May 2023 

By Dr. Andrés Cárdenas, Researcher at I2CAT Foundation, Assistant Professor at Polytecnic University of Catalonia (UPC)

The evolution of connected vehicles has resulted in a paradigm shift in the transportation industry, fundamentally transforming the manner in which these vehicles navigate and engage with the road. Vehicle-to-Everything (V2X) communication has emerged as a critical component for enhancing road safety and enabling efficient transportation systems. Thus, to address the challenges of managing the vehicular service communications, a highly flexible and customized V2X solution is required. In that sense, a proof of concept of implementing a V2X solution for improving mobility safety was showcased during the OSM#14 Ecosystem Day event. We encourage interested readers to visit the OSM PoC#15 to see how this technology works in practice. The aim of this blog post is to emphasize the benefits of implementing V2X communications in Edge Computing environments and to highlight how Open Source MANO (OSM) enables the flexible deployment of V2X network services, leveraging the capabilities of orchestrating the Cloud Native Functions (CNFs). 

OSM Hackfest at NetworkX event, AmsterDAM

So nice to see you all again!

October 2022 

By Mark Beierl, OSM TSC Member


With every release, the OSM community meets for an OSM Hackfest, where participants (such as network operators, service providers, or systems integrators) can get hands-on experience with the latest OSM features. Hackfests may also provide an opportunity for Network Function vendors to onboard their VNFs with OSM and showcase their features to other telco enthusiasts.

On 18th and 19th October 2022, ETSI's Centre for Testing and Interoperability and the OSM community organized the OSM Mid Release THIRTEEN Hackfest during the Network X event in Amsterdam, Netherlands. This was the first face-to-face Hackfest after a long 3 years period of remote events, due to the COVID-19 pandemic, and such a delight to see the OSM Community again! Also, as this OSM Hackfest was co-located with the 1st TeraFlowSDN Hackfest, which took place on October 20th, it was also a fantastic opportunity to meet the ETSI TFS community, learn about their work and start building synergies. TeraFlowSDN is a new ETSI-hosted open source project developing a cloud-native SDN controller for smart transport networks, which has already showcased interoperability with OSM. 


End-to-end NFV Orchestration with OSM showed at IEEE International Conference on Network Softwarization


  June 2022

By Lluís Gifre, CTTC, ETSI TFS TSC Chair and OSM Contributor  


End-to-end NFV Orchestration with OSM was showcased at IEEE International Conference on Network Softwarization. The demo showed the deployment and operation of virtual Network Functions in the full-fledged ADRENALINE Testbed Cloud Platform (, which expands from the edge to the centralized cloud. ETSI Open Source MANO (OSM) was used in the testbed to deploy and handle a multi-site network service involving both edge and core Data Centres (DCs). Besides, the inter- and intra-DC connectivity is directly managed by a novel OSM WAN Infrastructure Manager (WIM) connector using the Transport API (TAPI) interface, thus completely abstracting the details of the underlying SDN controllers handling the programmability of the WAN network interconnecting the DCs.


ETSI OSM TEN declared as the first LTS version of Open Source MANO

May 2022

By Wajeeha Hamid, Canonical, MARCOM TF Chair


ETSI Open Source MANO has taken a major step towards becoming the production-ready orchestration solution of choice for Telcos. The community is proud to announce Long Term Support (LTS) for OSM Release TEN, overcoming a lot of well-known challenges in carrier-grade environments.

In production environments, the telco network functions have a longer end-of-life and require managing longer life cycles. To meet this demand, operators tend to choose proprietary orchestration tools for life cycle management and support. However, the trend is shifting towards open source solutions for network functions orchestration , which requires a reasonable amount of support from the upstream open source community. Therefore, the OSM community is there ready to win operators’  trust and help to promote the adoption of open source orchestration by providing 2 years of bug fixes for OSM LTS versions. 

Open Source MANO: Its Role in Managing Networks Incorporating Virtual and Physical Elements

September 2021

Article first published in RCR Wireless.

By Antonio Marsico, BT, ETSI OSM EUAG Chair,  Andy Reid, BT, ETSI OSM Vice-Chair,  Francisco Javier Ramón, Telefónica, ETSI OSM Chair, Gerardo García, Telefónica, ETSI OSM TSC Member,

 Authors of OSM in action  give us an overview of the latest white paper on OSM for future network management.

OSM release SEVEN: Container network functions and more

February 2020

By Tytus Kurek, Product Manager, Canonical Ltd. 


The OSM community was proud to announce OSM release SEVEN last December. This release introduces a range of exciting features, such as the ability to deploy container network functions on Kubernetes with k8s charms, and several improvements which enhance Open Source MANO (OSM) across various areas.

How OSM Release SEVEN enhances Enterprise, 5G, Edge and Containerized applications in Production

January 2020

By Saad Sheikh, Senior Architect, STC.


Recently, ETSI OSM unveiled Release SEVEN which addresses the challenge of bringing CNFs and Containerized applications to the production.


What’s next: 5G network slicing with ETSI OSM 5 and OpenStack

June 2019

By Sagar Nangare, Principle Executive – Digital Marketing, Calsoft Inc.

Network slicing is an innovative network architecture technology that’s also one of the most exciting promises of 5G telecom networks.

Takeaways from the first open multi-vendor NFV showcase

April 2019

By Gianpietro Lavado, Solutions Architect, Whitestack

Gianpietro Lavado reports on the event that shows carriers how they benefit from a horizontal NFV platform, instead of monolithic solutions from a single vendor.

5G projects building strong use cases for Open Source MANO NFV

February 2019

By Gianpietro Lavado, Solutions Architect, Whitestack

Whitestack’s Gianpietro Lavado reports from the first OSM 5G day held in Spain..

Architecting edge for self-driving cars with OpenStack and ETSI Open Source MANO

January 2019

By Sagar Nangare, Principle Executive – Digital Marketing, Calsoft Inc.

The most awaited 5G use case just might be autonomous vehicles and the transportation revolution expected to follow in their wake. See how OSM addresses certain technical hurdles to make cars truly smart.

Pairing OpenStack and open source MANO for NFV deployments

November 2018

By Sagar Nangare, Principle Executive – Digital Marketing, Calsoft Inc.

Sagar explains how the two open-source technologies are coming together.

Why OSM is the ‘smart’ choice for Open-Source Network and Service Management

October, 2018

By Dave Duggal, Founder & CEO, EnterpriseWeb LLC

The Telecom industry has set out on a journey to transform into Digital Service Providers. However, how the industry gets there is hotly contested. Given all the noise and confusion, we at EnterpriseWeb have decided to share our internal technical case for joining ETSI’s Open-Source MANO (OSM) to foster a more thoughtful industry discussion on design choices and capabilities.

Open Source MANO: Addressing Interoperability Challenge in NFV

September 2018 

By Sagar Nangare, Principle Executive – Digital Marketing, Calsoft Inc.

NFV introduced in 2012 along with stating its benefits especially for telecom domain. But there were challenges associated with actual implementation.

Why it’s time to get serious about NFV

September 2018

By Gianpietro Lavado, Solutions Architect, Whitestack

The direction should be set by open-source projects like Open Source MANO and ONAP for a future of “horizontal” deployments.

 recap on ETSI Open Source MANO Workshop at NFV World Congress

May 2018 

By Gianpietro Lavado, Solutions Architect, Whitestack

Open Source MANO, the ETSI-hosted project to develop an open source NFV Management and Orchestration (MANO) software stack aligned with ETSI NFV and Information Models, presented a workshop at the recent Layer 123 NFV & Zero Touch World Congress (San Jose, CA), aiming to show its recent innovations and production readiness.

Network Function Virtualization test results: Management and Orchestration solutions

March 2018

By Gianpietro Lavado, Solutions Architect, Whitestack

Gianpietro reports that MANO solutions also passed recent tests by global experts.

OSM#4, setting (Release FOUR) direction from the place where the roads cross*

Silvia Almagia

November 2017

By Silvia Almagia, Technical Expert, ETSI

ETSI OSM had its 4th plenary meeting at the end of October. Actually, since we meet for mid-releases too, it was our 7th community gathering since we kicked off the project in April 2016. So many exciting things have happened since that kick off that we tend to forget that we are “only” 18 months old.

The 4th plenary meeting was hosted by Indra at their Madrid Campus where they were so attentive to every single detail, they ensured that the OSM community had an extremely productive week.

The agenda for the week was quite ambitious: wrapping up Release THREE and setting direction for Release FOUR ... while growing the ecosystem of OSM on-boarded VNFs with a hands-on workshop … and making sure we put some time aside to celebrate the latest community achievements together.

A conversation with Mark Shuttleworth, Member OSM TSC, Founder & CEO Canonical Ltd.

Mark Shuttleworth, Canonical

November 2017

The OSM Marketing Work Group recently caught up with Mark to get his thoughts on the role of Canonical within OSM, the accomplishments of the community so far as well as its goals over the next six months.

1. Why was it important for you to be a part of ETSI Open Source MANO?

Standards are vital in the industry, and open source has also come to represent the primary way in which industries collaborate efficiently in technology. From AI to operating systems, the new normal is open source.

Still the Fastest Growing NFV Open Source Project in the History of NFV Open Source Projects

Day 0 OSM Workshop at SDN NFV World Congress will again Showcase OSM’s Growth and Momentum

Don Clarke, CablelabsGeorge Hamilton,

October 2017

By Don Clarke, CableLabs, Principal Architect Network Technologies, and George Hamilton,, VP marketing

This blog has been updated to provide a summary of the OSM workshop, 9 October, 2017

Last year the ETSI Open Source MANO (OSM) team boasted a bit that we were the fastest growing NFV open source project in the history of NFV open source projects. That was when OSM had grown to 50 members and two code releases in less than 12 months. It’s a year later and guess what? OSM still is the fastest growing NFV open source project! OSM now features over 80 members including 9 network operators, and already has another code release, OSM Release Three to show the world. On top of that, OSM is also a finalist for a Network Transformation Award, “Best Open Source Development”. The OSM community welcomed approximately one hundred attendees to the workshop at the SDN NFV World Congress in The Hague, a terrific turnout during a day busy with multiple technology workshops.

Key results from OSM Community Survey #1

Maria Ruth Gamero Tinoco

July 2017

By Maria Ruth Gamero Tinoco, Telefonica

Earlier this year, the Marketing Task Force conducted its first ever community survey to better understand the interest areas and preferences of the OSM community. The information below is a summary of the key results.

The survey was answered by 51 organizations, 37% vendors of software or equipment, followed by 20% of systems integrators, 16% from the academic world, 18% from operators and the remaining by students, R&D, analysts, etc.

First ETSI OSM Reference PoC “DevOps in Service Chains and 5G Network Slices”

Pål Grønsund

May 2017

By Pål Grønsund, Telenor Research, Vice-Chair, OSM Leadership Group

The building excitement as commercial deployment of 5G technology nears is, as the cliché goes, palpable. In the midst of this frenzy, however, there seem to be legitimate concerns and some industry debate on whether operators will be better served by more clearly defining the commercial use cases for 5G before full-scale and global roll-outs. This is not to insinuate that no use cases have been already defined. On the contrary, with 5G enabling billions of connected and “smart” devices of every imaginable variety and function, it’s not a stretch to see that the Internet of Things (IoT) will be a primary use case.

To me, the first year of OSM bears a number of similarities to a 100-meter race, and as the year 2017 has just started, I am taking some time to reflect on what we have jointly accomplished since the inception of the OSM community and outline a number of personal thoughts on key themes for this new year.

Showcasing the power of a vibrant community: OSM honours outstanding contributors with first community awards

Chris Buerger

May 2017

By Chris Buerger, Chair OSM Marketing Task Force

As prior OSM plenary sessions, OSM Plenary #3 was incredibly productive in getting the technical input from the community members to meet our functionality, interoperability and usability goals for OSM Release THREE. Innovation, rapid & predictable execution to shared goals as well as taking an inclusive approach to ideas and code is what sets successful open source communities apart, and I am proud to include OSM in my personal list of open source communities that ‘just gets it right’.

Part of every successful community is the public recognition of outstanding contributors. On behalf of the OSM community, I am excited to shine a spotlight on the first set of contributor awards.

The two technical awards were granted to Mike Marchetti of Sandvine, and Jokin Garay from Keynetic Technology, in recognition of their technical excellence, quality contributions and dedication during the ETSI OSM Release TWO cycle.

Working with the OSM Marketing Task Force is a lot of fun! One of the reasons is the incredible talent pool of technical marketing professionals that collaborate every week to rapidly innovate best practices on how to best meet the marketing needs of OSM. Kaela Loffler from Netrounds has been a true ‘tour de force’ since joining the task force, from helping to stand up our Twitter presence to working on the incubation of the ETSI POC initiative. In recognition of her outstanding contributions to the promotion of OSM, I am excited to share that Kaela has been presented with the Outstanding Community Award.

The top 6 advances delivered in OSM Release TWO

Haidee McMahon, Intel

April 2017

By Haidee McMahon, NFV Technical Solutions Marketing Manager, Intel

Working at Intel certainly has its benefits, especially when it means working alongside the Chair of Open Source MANO's Technical Steering Committee, Adrian Hoban. A few weeks back, I had the pleasure of catching up with Adrian after his recent trip to OSM#3 Plenary meeting in Palo Alto, California. During OSM#3, the technical community met face to face to discuss architectural principles, alignment with ETSI NFV, status updates on the features of Release TWO, and to collectively agree on the goals and themes for Release THREE.

With Release TWO on our doorstep and a release date of April 27th, I hastened to ask Adrian about the key deliverables and what we could expect from the upcoming new code base. Adrian summed it up quite nicely: “Release TWO has advanced sufficiently that it is ready for operators to begin their RFx processes and field trials. It brings significant improvements in terms of interoperability, packaging & distribution, usability, data plane configuration and dynamic service assurance.”
I’ve captured some of the finer details of our conversation below under six separate value vectors:

Automated Testing and Monitoring Shares the Spotlight with OSM at MWC 2017

A surprising plot twist puts T&M on center stage  

Kaela Loffler, Netrounds

March 2017

By Kaela Loffler, Director, Marketing & Industry Alliances, Netrounds

There are several key figures that we could use to sum up Mobile World Congress 2017: 108,000 attendees, of which 6,100 were CEOs, visitors from 208 countries or territories, over 2,300 exhibitors, and 322 speakers across the four days. However, the figures most exciting to us in the Open Source MANO community are these: ten companies coming together to show and demonstrate three different proofs of concept using OSM Rel ONE just one year after Open Source MANO was announced at MWC 2016.

We took the time to race between the vast halls of the Fira Gran Via to see these live PoC demos in action. Following is a short summary of each.

DevOps in Service Chains and 5G Network Slices

Kaela Loffler, Netrounds

February 2017

By Kaela Loffler, Director, Marketing & Industry Alliances, Netrounds

Your guide to putting that term “DevOps” into practice with automated active testing and monitoring

DevOps is a well-known discipline in enterprises and cloud service providers, but the term has made a fairly new debut on the telecommunications scene. Software has been eating the world for some time now but it’s only just begun to sample the networking world. Consequently, the term, “DevOps” is now being thrown around a lot. It is like the “NFV” of 2017. With the title of this article, you can see that we are obviously guilty of using it too. To validate our use of the term in the title of our new proof of concept, DevOps in Service Chains and 5G Network Slices, we have decided to describe exactly what it means in the context of this PoC and outline its importance to service providers in achieving service agility and ensuring great quality of experience for their customers.  

RADCOM’s MaveriQ: Virtualized Customer Experience Management & Service Assurance on Open Source MANO

February 2017

Written by Mark Rolston, Marketing Manager at RADCOM

RADCOM is excited to be part of a community that is collaborating to enable the transformation to virtualized networks. Providing an Open Source MANO (OSM) will accelerate this transformation as it creates an open, standards-based orchestration environment that covers both Resource and Service Orchestration to allow automated deployment and interconnection of all components, both for NFV network scenarios and the management of Network Service lifecycles; delivering network automation, service agility and significant OPEX and CAPEX savings for CSPs.  

It may not be the Super Bowl, but ETSI NFV PlugTests Tackles Interoperability on a Big Stage

George Hamilton,

February 2017

Written by George Hamilton,, VP marketing

One core tenant of marketing that I learned long ago is that marketing is 10% strategy and 90% blocking and tackling. For those not familiar with the terminology of American football, it simply means that a good game plan and skilled players who score points often get the glory, but the real work that often determines success are the less glamorous tasks of blocking and tackling. And this truism transcends marketing. In any endeavor, a strategy is only as good as its execution and the preparation that takes place before game day. 

Yes, the Super Bowl is February 5th, and I started with this adage because I see that ETSI and the Open Source MANO community have taken it to heart. Over the past year, while the industry has seen its share of marketing hype, the OSM community has been doing the hard work of developing working code and bringing together diverse organizations to test software and facilitate interoperability among all the working parts of a successful NFV deployment. This is embodied in the recently launched first ETSI NFV Plugtests event

Meeting the Challenge of Open Source

Luis Jorge Romero

January 2017

Luis Jorge Romero, ETSI Director General

When ETSI created its first Open Source group last year, many in the industry were surprised. Open Source MANO was ETSI’s first real step into Open Source, although the subject has long been discussed. I would say it was a necessary step for ETSI.

In the past, Open Source was somehow seen as a rival to standards. It wasn’t just that the economic and licensing models were different, the working methods and makeup of the communities were also quite different. Today, however, Open Source is broadly accepted as having its place in almost all areas of software development. Our standards are increasingly implemented in software. Our industry members have embraced Open Source. ETSI needs to evolve in pace with its members.

ETSI’s future lies in our ability to attract new communities and evolve to meet the needs of new members. This includes learning from the experience of others and adapting our ways of working. The world of Open Source has developed tools and processes to aid collaborative development of software by remote developers. Standards development often faces similar problems: building and attracting communities, ensuring quality of work, completeness and meeting time to market demands. We must be prepared to redesign our ways of working to take account of best practice, wherever it may lie.

In the case of Open Source MANO, we needed quickly to learn new ways. We have had to be flexible and adapt our procedures, our support levels and our IT infrastructure to meet the expectations of this new community. We have adopted all the Open Source tools with which the community is used to working. We’ve been willing to push for the success of this group. From the feedback they give me, I think we have succeeded.

ETSI is serious in this new approach. We anticipate that industry may want to follow with other Open Source initiatives in the wake of Open Source MANO. If this is the case, then we’re ready!

Year 1: OSM races out of the starting gates to shape global MANO ecosystem

January 2017

Written by Chris Buerger, Intel, Chair OSM Marcom Task Force



Speed matters. In software development, no matter whether it is proprietary or open source, early success is often defined in the same way as an Olympic 100-meter dash. The first few steps out of the starting block are critical in quickly getting to the 100m point. The race then changes once this has been accomplished – the straight line race track starts to curve and a group of runners settles in to run the distance and find success at the finish line. 

To me, the first year of OSM bears a number of similarities to a 100-meter race, and as the year 2017 has just started, I am taking some time to reflect on what we have jointly accomplished since the inception of the OSM community and outline a number of personal thoughts on key themes for this new year.

Not to wax nostalgic, but looking back at 2016 does showcase a number of accomplishments that would be the envy of the majority of open source communities. From the first public OSM demonstration at the end of February at MWC 2016, to creating two OSM releases that have been downloaded more than 2000 times from 50+ countries, to capturing the interest of 55 organizations that have joined OSM, we have much to be proud of. On the technical side, the creation of a well-functioning, one-step installable, multi-VIM, multi-SDN controller OSM Release ONE that incorporates information models commonly agreed upon by a group of operators and solution vendors stands out to me. On the community engagement side, the OSM workshop at SDN World Congress in The Hague, the launch of the new website, quarterly newsletters, the OSM Twitter channel and, personally most important, the contributions of an awesome group of marketing professionals to create awareness and excitement for OSM top my list.

Year 2 will be different. Speed still matters, but it will be accompanied by well-measured collaboration activities to take the OSM software stack through the standard lab/field/production deployment cycle with service providers engaging in MANO. Interoperability, stability, security and the size and maturity of the commercial support ecosystem for OSM will become key themes on the road to production deployments. New use cases and network service scenarios from the broader community will tie the code base to its economic value. I expect that OSM’s guiding principle of modularity for any software component will provide additional choice and capabilities. 

In addition, as a result of the success of broadly observed initiatives such as Telefonica’s UNICA program, a set of existing and new community members will choose to actively invest time and contribute engineering expertise and code as purchase points for OSM proliferate across the globe. ETSI’s groups for NFV and MANO will receive an increasing amount of input based on the pragmatic results of the work within OSM.

So speed and timing will still matter as OSM turns its sights from a 100-meter dash to a 10k race in 2017. I believe that as with other successful software development initiatives, collaborative and reliable execution and a singular focus on unlocking OSM’s economic value for the entire community over the next 5-10 years will set us apart. OSM’s accomplishment in getting out of the starting block with speed and clear direction is the best indicator for continued success in 2017 and beyond.

The Fastest Growing NFV Open Source Project in the History of NFV Open Source Projects

Open Source MANO Workshop and Release ONE create buzz at SDN World Congress

OSM Presentation

October 2016
Written by George Hamilton,, VP marketing

At last year’s SDN World Congress in Dusseldorf the concept of an open source NFV MANO platform was just an idea. 12 months later it’s trial-ready code. The ETSI Open Source MANO (OSM) community kicked off SDN World Congress with a technically deep and, at times, entertaining OSM workshop. The workshop featured learning sessions from each of the seed code contributors,, Telefonica, and Canonical as well as terrific insights from the OSM Technical Steering committee and End User Advisory Group. The buzz surrounding OSM was evidenced by the nearly 100 attendees that came to learn more about the recent OSM Release ONE and OSM’s development roadmap. 

OSM’s Chairman, Francisco-Javier Ramón, got things started with an introduction to the OSM community and OSM Release ONE. Francisco Javier covered the key features of Release ONE and Release ONE’s goal of making it easy to test OSM and build trials. He also introduced OSM’s network of remote labs that enables continuous and automated testing with different types of infrastructures (VIMs, SDN Controllers and NFVIs). OSM has made some bold plans for the next six months, including the support of new types of infrastructures, integrated approaches to Security and Service Assurance, the participation in the upcoming ETSI NFV Plugtest™, and new POCs and demos based on Release ONE. The OSM community is making a bold statement that Release TWO will be deployment ready. 

Subscribe to our newsletter