Open Stack

Some of the items discussed, followed by Action Items:

1) How can one get invovled - Wiki will direct
2) Where to pick up security tasks from?
   - wiki is the starting point
   - people sign up via mailing list


3) threat analysis
   - Static Analysis, Formal Verification on projects was proposed by
James.
   -
   - static analysis on python is not very useful; whole projects will take
a long time
   -
4) Threat modeling -
   -
*Action item* (James Kempf) : share the results from Folsom for TM around
Keystone

   -  Rob can get resources towards this
   -  get started with core or knowledgeable people
   -  Ideally, Secuirty Reviews Per month per project. Review coordinator
prepares the arch diagram before the review day

5) security review - HP's review process; what it translates to for
OpenStack?

6) Attacker model
  - single or many
  -
7) Tracking the CVEs, publish in the format

 - *Action Item*:  Daniel (Red Hat) to start discussin in the mailing list
 -  Format:
8)
 Getting the word out (wiki, how to contribute, what is going on)
  - Minutes for the meet
  - Community Manager
  - Sprints:
     - Running the sprint

*Action Items:*
- Eric Windisch to Identify topic to set the sprint/ hackathon and time.

Thanks,
-Sriram
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-security/attachments/20131105/98dcaeb4/attachment.html>