[Openstack-security] OSSG Lunch Meeting Notes
James Kempf
james.kempf at ericsson.com
Thu Nov 7 00:18:05 UTC 2013
Hi Rob,
Shohel (cc-ed) from Ericsson will be driving this. He will be setting up a chat/teleconference sometime late next week to get started.
jak
> -----Original Message-----
> From: Clark, Robert Graham [mailto:robert.clark at hp.com]
> Sent: Thursday, November 07, 2013 12:06 AM
> To: Sriram Subramanian; openstack-security at lists.openstack.org
> Subject: Re: [Openstack-security] OSSG Lunch Meeting Notes
>
> Thanks for the great notes Sriram.
>
> I've made the 'how to contribute' part of the wiki more prominent:
> https://wiki.openstack.org/wiki/Security/How_To_Contribute
>
> To clarify, when we have the ball rolling on Threat Modelling for major
> projects, I can commit some security-architect resources to take part in
> the discussions.
>
> Cheers
> -Rob
>
>
> From: Sriram Subramanian
> <sriram at sriramhere.com<mailto:sriram at sriramhere.com>>
> Date: Tuesday, 5 November 2013 14:24
> To: "openstack-security at lists.openstack.org<mailto:openstack-
> security at lists.openstack.org>" <openstack-
> security at lists.openstack.org<mailto:openstack-
> security at lists.openstack.org>>
> Subject: [Openstack-security] OSSG Lunch Meeting Notes
>
> Some of the items discussed, followed by Action Items:
>
> 1) How can one get invovled - Wiki will direct
> 2) Where to pick up security tasks from?
> - wiki is the starting point
> - people sign up via mailing list
>
>
> 3) threat analysis
> - Static Analysis, Formal Verification on projects was proposed by
> James.
> -
> - static analysis on python is not very useful; whole projects will
> take a long time
> -
> 4) Threat modeling -
> -
> Action item (James Kempf) : share the results from Folsom for TM around
> Keystone
>
> - Rob can get resources towards this
> - get started with core or knowledgeable people
> - Ideally, Secuirty Reviews Per month per project. Review coordinator
> prepares the arch diagram before the review day
>
> 5) security review - HP's review process; what it translates to for
> OpenStack?
>
> 6) Attacker model
> - single or many
> -
> 7) Tracking the CVEs, publish in the format
>
> - Action Item: Daniel (Red Hat) to start discussin in the mailing list
> - Format:
> 8)
> Getting the word out (wiki, how to contribute, what is going on)
> - Minutes for the meet
> - Community Manager
> - Sprints:
> - Running the sprint
>
> Action Items:
> - Eric Windisch to Identify topic to set the sprint/ hackathon and time.
>
> Thanks,
> -Sriram
>
> _______________________________________________
> Openstack-security mailing list
> Openstack-security at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
More information about the Openstack-security
mailing list