[openstack-dev] [OSSG] OpenStack Security Group Task List

David Kranz david.kranz at qrclab.com
Thu Oct 25 20:41:01 UTC 2012


On 10/23/2012 8:34 PM, Bryan D. Payne wrote:
> As the OpenStack Security Group (OSSG) begins to take shape, we are
> looking to identify what work needs to be done.  We have lots of
> things in our heads, but I know others have similar lists in their
> heads as well.  I'd like to start this thread to collect security
> related issues for any OpenStack core project.  These can be things
> with existing bug reports, or things that have just been sitting in
> your head without actually making it into a bug report yet.
>
> The idea is to have a list of problems where it would be useful for
> security people to help.  I'll start with the following to get us
> going.
>
> * Fix problems with clients using SSL (see slide 19 of
> http://www.bryanpayne.org/storage/ossg-oct2012.pdf)
> * Start a hardening guide
> * Work with swift team on Swift Message Authentication
> * Work with nova team on Nova RPC signing
> * Work with keystone team on new PKI tokens and related code
> * Work with oslo team on rootwrap code
> * Add a 'SecurityImpact' tag to mark pull requests as needing a review
> by someone in OSSG
>
> Please help us out by replying with your additions.
>
> Cheers,
> -bryan
>
Is the first bullet related to this 
http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf?

The Most Dangerous Code in the World:
Validating SSL Certificates in Non-Browser Software

  -David



