[Openstack-security] OSSG Lunch Meeting Notes

James Kempf james.kempf at ericsson.com
Thu Nov 7 00:18:05 UTC 2013


Hi Rob,

Shohel (cc-ed) from Ericsson will be driving this. He will be setting up a chat/teleconference sometime late next week to get started.

		jak 

> -----Original Message-----
> From: Clark, Robert Graham [mailto:robert.clark at hp.com]
> Sent: Thursday, November 07, 2013 12:06 AM
> To: Sriram Subramanian; openstack-security at lists.openstack.org
> Subject: Re: [Openstack-security] OSSG Lunch Meeting Notes
> 
> Thanks for the great notes Sriram.
> 
> I've made the 'how to contribute' part of the wiki more prominent:
> https://wiki.openstack.org/wiki/Security/How_To_Contribute
> 
> To clarify, when we have the ball rolling on Threat Modelling for major
> projects, I can commit some security-architect resources to take part in
> the discussions.
> 
> Cheers
> -Rob
> 
> 
> From: Sriram Subramanian <sriram at sriramhere.com>
> Date: Tuesday, 5 November 2013 14:24
> To: "openstack-security at lists.openstack.org" <openstack-security at lists.openstack.org>
> Subject: [Openstack-security] OSSG Lunch Meeting Notes
> 
> Some of the items discussed, followed by Action Items:
> 
> 1) How can one get involved - Wiki will direct
> 2) Where to pick up security tasks from?
>    - wiki is the starting point
>    - people sign up via mailing list
> 
> 
> 3) threat analysis
>    - Static Analysis, Formal Verification on projects was proposed by
> James.
>    -
>    - static analysis on python is not very useful; whole projects will
> take a long time
>    -
> 4) Threat modeling -
>    -
> Action item (James Kempf) : share the results from Folsom for TM around
> Keystone
> 
>    -  Rob can get resources towards this
>    -  get started with core or knowledgeable people
>    -  Ideally, Security Reviews Per month per project. Review coordinator
> prepares the arch diagram before the review day
> 
> 5) security review - HP's review process; what it translates to for
> OpenStack?
> 
> 6) Attacker model
>   - single or many
>   -
> 7) Tracking the CVEs, publish in the format
> 
>  - Action Item:  Daniel (Red Hat) to start discussion in the mailing list
>  -  Format:
> 8)
>  Getting the word out (wiki, how to contribute, what is going on)
>   - Minutes for the meet
>   - Community Manager
>   - Sprints:
>      - Running the sprint
> 
> Action Items:
> - Eric Windisch to Identify topic to set the sprint/ hackathon and time.
> 
> Thanks,
> -Sriram
> 