[openstack-dev] [security][tc] Tidy up language in section 5 of the vulnerability:managed tag

Steven Dake (stdake) stdake at cisco.com
Sat Apr 2 00:04:26 UTC 2016

Please see my review here as requested in this thread [1]:


The purpose of this review is twofold:

  1.  Permit sponsoring companies of single-vendor projects or projects with low company affiliation diversity to allow their own security experts to sign off on a threat analysis, acting as a third party.
  2.  Enable scaling of the OSSA and VMT processes by permitting projects to self-audit, self-review, or self-threat analyze with the condition that an impartial third party take responsibility for approving the audit, review, or threat analysis.

[1] http://lists.openstack.org/pipermail/openstack-dev/2016-March/091075.html