[Openstack-security] OSSG Lunch Meeting Notes
Abu Shohel Ahmed
ahmed.shohel at ericsson.com
Mon Nov 11 13:31:34 UTC 2013
Hi all,
We can have a way-forward discussion related to threat analysis in the next
OSSG IRC meeting (this Thursday). Things we could discuss in the
meeting, e.g.:
- Threat analysis process in general
- Work items: OpenStack project to target
- Time frame
- Team members
- Way of working
See you in the next meeting.
Thanks,
Shohel
James Kempf wrote on Nov 7, 2013 at 2:18 AM:
> Hi Rob,
>
> Shohel (cc-ed) from Ericsson will be driving this. He will be setting up a chat/teleconference sometime late next week to get started.
>
> jak
>
>> -----Original Message-----
>> From: Clark, Robert Graham [mailto:robert.clark at hp.com]
>> Sent: Thursday, November 07, 2013 12:06 AM
>> To: Sriram Subramanian; openstack-security at lists.openstack.org
>> Subject: Re: [Openstack-security] OSSG Lunch Meeting Notes
>>
>> Thanks for the great notes Sriram.
>>
>> I've made the 'how to contribute' part of the wiki more prominent:
>> https://wiki.openstack.org/wiki/Security/How_To_Contribute
>>
>> To clarify, when we have the ball rolling on Threat Modelling for major
>> projects, I can commit some security-architect resources to take part in
>> the discussions.
>>
>> Cheers
>> -Rob
>>
>>
>> From: Sriram Subramanian <sriram at sriramhere.com>
>> Date: Tuesday, 5 November 2013 14:24
>> To: openstack-security at lists.openstack.org
>> Subject: [Openstack-security] OSSG Lunch Meeting Notes
>>
>> Some of the items discussed, followed by Action Items:
>>
>> 1) How can one get involved - Wiki will direct
>> 2) Where to pick up security tasks from?
>> - wiki is the starting point
>> - people sign up via mailing list
>>
>>
>> 3) threat analysis
>> - Static Analysis, Formal Verification on projects was proposed by
>> James.
>> - static analysis on python is not very useful; whole projects will
>> take a long time
>>
>> 4) Threat modeling -
>> Action item (James Kempf) : share the results from Folsom for TM around
>> Keystone
>>
>> - Rob can get resources towards this
>> - get started with core or knowledgeable people
>> - Ideally, Security Reviews Per month per project. Review coordinator
>> prepares the arch diagram before the review day
>>
>> 5) security review - HP's review process; what it translates to for
>> OpenStack?
>>
>> 6) Attacker model
>> - single or many
>>
>> 7) Tracking the CVEs, publish in the format
>>
>> - Action Item: Daniel (Red Hat) to start discussion in the mailing list
>> - Format:
>>
>> 8) Getting the word out (wiki, how to contribute, what is going on)
>> - Minutes for the meet
>> - Community Manager
>> - Sprints:
>> - Running the sprint
>>
>> Action Items:
>> - Eric Windisch to Identify topic to set the sprint/ hackathon and time.
>>
>> Thanks,
>> -Sriram
>>
>> _______________________________________________
>> Openstack-security mailing list
>> Openstack-security at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security