[openstack-dev] [barbican] Cryptography audit by OSSG

Nathan Kinder nkinder at redhat.com
Fri Apr 25 04:47:16 UTC 2014



On 04/18/2014 09:27 AM, Bryan D. Payne wrote:
>        Is anyone following the openstack-security list and/or part of the
>     OpenStack Security Group (OSSG)?  This sounds like another group and
>     list
>     we should keep our eyes on.
> 
> 
> I'm one of the OSSG leads.  We'd certainly welcome your involvement in
> OSSG.  In fact, there has been much interest in OSSG about the Barbican
> project.  And I believe that many people from the group are contributing
> to Barbican.
>  
> 
>        In the below thread on the security list, Nathan Kinder is
>     conducting a
>     security audit of the various integrated OpenStack projects.  He's
>     answering questions such as what crypto libraries are being used in the
>     projects, algorithms used, sensitive data, and potential
>     improvements that
>     can be made.  Check the links out in the below thread.
> 
>        Though we're not yet integrated, it might be beneficial to put
>     together
>     our security audit page under Security/Icehouse/Barbican.
> 
> 
> This would be very helpful.  If there's anything I can do to help
> facilitate this, just let me know.

I'd definitely welcome this as well.  The integrated projects seemed
like a good place to start to me, but getting on board early with
incubated projects like Barbican would be great.  I'm happy to assist in
any way I can.

-NGK

> 
> Cheers,
> -bryan
> 
> 
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> 



More information about the OpenStack-dev mailing list