[openstack-dev] [OSSG] OpenStack Security Group Task List

Bryan D. Payne bdpayne at acm.org
Wed Oct 24 00:34:15 UTC 2012


As the OpenStack Security Group (OSSG) begins to take shape, we are
looking to identify what work needs to be done.  We have lots of
things in our heads, but I know others have similar lists in their
heads as well.  I'd like to start this thread to collect
security-related issues for any OpenStack core project.  These can be things
with existing bug reports, or things that have just been sitting in
your head without actually making it into a bug report yet.

The idea is to have a list of problems where it would be useful for
security people to help.  I'll start with the following to get us
going.

* Fix problems with clients using SSL (see slide 19 of
http://www.bryanpayne.org/storage/ossg-oct2012.pdf)
* Start a hardening guide
* Work with swift team on Swift Message Authentication
* Work with nova team on Nova RPC signing
* Work with keystone team on new PKI tokens and related code
* Work with oslo team on rootwrap code
* Add a 'SecurityImpact' tag to mark pull requests as needing a review
by someone in OSSG

Please help us out by replying with your additions.

Cheers,
-bryan


