[Openstack-security] OSSG Lunch Meeting Notes

Clark, Robert Graham robert.clark at hp.com
Mon Nov 11 13:43:11 UTC 2013


I know a few people (me included) won’t be able to make the OSSG meeting this week.

Is there any way we can follow this up by email?

From: Abu Shohel Ahmed <ahmed.shohel at ericsson.com>
Date: Monday, 11 November 2013 21:31
To: "openstack-security at lists.openstack.org" <openstack-security at lists.openstack.org>
Cc: Robert Clark <robert.clark at hp.com>, Sriram Subramanian <sriram at sriramhere.com>, James Kempf <james.kempf at ericsson.com>
Subject: Re: [Openstack-security] OSSG Lunch Meeting Notes

Hi all,

 We can have a way forward discussion related to threat analysis in the next
OSSG IRC meeting (this Thursday). Things we could discuss in the
meeting e.g.,
  - Threat analysis process in general
  - Work items: OpenStack project to target
  - Time frame
  - Team members
  - Way of working

See you in the next meeting.

Thanks,
Shohel



James Kempf wrote on Nov 7, 2013 at 2:18 AM:

Hi Rob,

Shohel (cc-ed) from Ericsson will be driving this. He will be setting up a chat/teleconference sometime late next week to get started.

jak

-----Original Message-----
From: Clark, Robert Graham [mailto:robert.clark at hp.com]
Sent: Thursday, November 07, 2013 12:06 AM
To: Sriram Subramanian; openstack-security at lists.openstack.org
Subject: Re: [Openstack-security] OSSG Lunch Meeting Notes

Thanks for the great notes Sriram.

I've made the 'how to contribute' part of the wiki more prominent:
https://wiki.openstack.org/wiki/Security/How_To_Contribute

To clarify, when we have the ball rolling on Threat Modelling for major
projects, I can commit some security-architect resources to take part in
the discussions.

Cheers
-Rob


From: Sriram Subramanian <sriram at sriramhere.com>
Date: Tuesday, 5 November 2013 14:24
To: "openstack-security at lists.openstack.org" <openstack-security at lists.openstack.org>
Subject: [Openstack-security] OSSG Lunch Meeting Notes

Some of the items discussed, followed by Action Items:

1) How can one get involved - Wiki will direct
2) Where to pick up security tasks from?
  - wiki is the starting point
  - people sign up via mailing list


3) threat analysis
  - Static Analysis, Formal Verification on projects was proposed by James.
  - static analysis on python is not very useful; whole projects will take a long time

4) Threat modeling
Action item (James Kempf) : share the results from Folsom for TM around Keystone

  -  Rob can get resources towards this
  -  get started with core or knowledgeable people
  -  Ideally, Security Reviews Per month per project. Review coordinator prepares the arch diagram before the review day

5) security review - HP's review process; what it translates to for
OpenStack?

6) Attacker model
 - single or many

7) Tracking the CVEs, publish in the format

- Action Item:  Daniel (Red Hat) to start discussion in the mailing list
-  Format:

8) Getting the word out (wiki, how to contribute, what is going on)
 - Minutes for the meet
 - Community Manager
 - Sprints:
    - Running the sprint

Action Items:
- Eric Windisch to Identify topic to set the sprint/ hackathon and time.

Thanks,
-Sriram
