[Openstack-security] OSSG Lunch Meeting Notes
Sriram Subramanian
sriram at sriramhere.com
Tue Nov 5 06:24:09 UTC 2013
Some of the items discussed, followed by Action Items:
1) How can one get involved - Wiki will direct
2) Where to pick up security tasks from?
- wiki is the starting point
- people sign up via mailing list
3) threat analysis
- Static Analysis, Formal Verification on projects was proposed by
James.
- static analysis on python is not very useful; whole projects will take
a long time
4) Threat modeling -
*Action item* (James Kempf) : share the results from Folsom for TM around
Keystone
- Rob can get resources towards this
- get started with core or knowledgeable people
- Ideally, Security Reviews Per month per project. Review coordinator
prepares the arch diagram before the review day
5) security review - HP's review process; what it translates to for
OpenStack?
6) Attacker model
- single or many
7) Tracking the CVEs, publish in the format
- *Action Item*: Daniel (Red Hat) to start discussion in the mailing list
- Format:
8) Getting the word out (wiki, how to contribute, what is going on)
- Minutes for the meet
- Community Manager
- Sprints:
- Running the sprint
*Action Items:*
- Eric Windisch to Identify topic to set the sprint/ hackathon and time.
Thanks,
-Sriram