Open Stack

Someone left an OpenStack registration bag at the lunch (with a L t-shirt
in it).  If you'd like it back, just come find me :-)

-bryan


On Tue, Nov 5, 2013 at 2:24 PM, Sriram Subramanian <sriram at sriramhere.com>wrote:

> Some of the items discussed, followed by Action Items:
>
> 1) How can one get invovled - Wiki will direct
> 2) Where to pick up security tasks from?
>    - wiki is the starting point
>    - people sign up via mailing list
>
>
> 3) threat analysis
>    - Static Analysis, Formal Verification on projects was proposed by
> James.
>    -
>    - static analysis on python is not very useful; whole projects will
> take a long time
>    -
> 4) Threat modeling -
>    -
> *Action item* (James Kempf) : share the results from Folsom for TM around
> Keystone
>
>    -  Rob can get resources towards this
>    -  get started with core or knowledgeable people
>    -  Ideally, Secuirty Reviews Per month per project. Review coordinator
> prepares the arch diagram before the review day
>
> 5) security review - HP's review process; what it translates to for
> OpenStack?
>
> 6) Attacker model
>   - single or many
>   -
> 7) Tracking the CVEs, publish in the format
>
>  - *Action Item*:  Daniel (Red Hat) to start discussin in the mailing list
>  -  Format:
> 8)
>  Getting the word out (wiki, how to contribute, what is going on)
>   - Minutes for the meet
>   - Community Manager
>   - Sprints:
>      - Running the sprint
>
> *Action Items:*
> - Eric Windisch to Identify topic to set the sprint/ hackathon and time.
>
> Thanks,
> -Sriram
>
> _______________________________________________
> Openstack-security mailing list
> Openstack-security at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-security/attachments/20131105/af0da09d/attachment.html>