[Openstack-security] OSSG Lunch Meeting Notes
Abu Shohel Ahmed
ahmed.shohel at ericsson.com
Mon Nov 11 13:47:19 UTC 2013
Hi Rob,
Certainly, the meeting transcript should be available in https://wiki.openstack.org/wiki/Meetings/OpenStackSecurity
After the meeting, we will sent the meeting notes to the OSSG mailing list.
…shohel
Clark, Robert Graham kirjoitti Nov 11, 2013 kello 3:43 PM:
> I know a few people (me included) won’t be able to make the OSSG meeting this week.
>
> Is there any way we can follow this up by email?
>
> From: Abu Shohel Ahmed <ahmed.shohel at ericsson.com>
> Date: Monday, 11 November 2013 21:31
> To: "openstack-security at lists.openstack.org" <openstack-security at lists.openstack.org>
> Cc: Robert Clark <robert.clark at hp.com>, Sriram Subramanian <sriram at sriramhere.com>, James Kempf <james.kempf at ericsson.com>
> Subject: Re: [Openstack-security] OSSG Lunch Meeting Notes
>
> Hi all,
>
> We can have a way forward discussion related to threat analysis in the next
> OSSG IRC meeting (this Thursday). Things we could discuss in the
> meeting e.g.,
> - Threat analysis process in general
> - Work items: OpenStack project to target
> - Time frame
> - Team members
> - Way of working
>
> See you in the next meeting.
>
> Thanks,
> Shohel
>
>
>
> James Kempf kirjoitti Nov 7, 2013 kello 2:18 AM:
>
>> Hi Rob,
>>
>> Shohel (cc-ed) from Ericsson will be driving this. He will be setting up a chat/teleconference sometime late next week to get started.
>>
>> jak
>>
>>> -----Original Message-----
>>> From: Clark, Robert Graham [mailto:robert.clark at hp.com]
>>> Sent: Thursday, November 07, 2013 12:06 AM
>>> To: Sriram Subramanian; openstack-security at lists.openstack.org
>>> Subject: Re: [Openstack-security] OSSG Lunch Meeting Notes
>>>
>>> Thanks for the great notes Sriram.
>>>
>>> I've made the 'how to contribute' part of the wiki more prominent:
>>> https://wiki.openstack.org/wiki/Security/How_To_Contribute
>>>
>>> To clarify, when we have the ball rolling on Threat Modelling for major
>>> projects, I can commit some security-architect resources to take part in
>>> the discussions.
>>>
>>> Cheers
>>> -Rob
>>>
>>>
>>> From: Sriram Subramanian
>>> <sriram at sriramhere.com<mailto:sriram at sriramhere.com>>
>>> Date: Tuesday, 5 November 2013 14:24
>>> To: "openstack-security at lists.openstack.org<mailto:openstack-
>>> security at lists.openstack.org>" <openstack-
>>> security at lists.openstack.org<mailto:openstack-
>>> security at lists.openstack.org>>
>>> Subject: [Openstack-security] OSSG Lunch Meeting Notes
>>>
>>> Some of the items discussed, followed by Action Items:
>>>
>>> 1) How can one get invovled - Wiki will direct
>>> 2) Where to pick up security tasks from?
>>> - wiki is the starting point
>>> - people sign up via mailing list
>>>
>>>
>>> 3) threat analysis
>>> - Static Analysis, Formal Verification on projects was proposed by
>>> James.
>>> -
>>> - static analysis on python is not very useful; whole projects will
>>> take a long time
>>> -
>>> 4) Threat modeling -
>>> -
>>> Action item (James Kempf) : share the results from Folsom for TM around
>>> Keystone
>>>
>>> - Rob can get resources towards this
>>> - get started with core or knowledgeable people
>>> - Ideally, Secuirty Reviews Per month per project. Review coordinator
>>> prepares the arch diagram before the review day
>>>
>>> 5) security review - HP's review process; what it translates to for
>>> OpenStack?
>>>
>>> 6) Attacker model
>>> - single or many
>>> -
>>> 7) Tracking the CVEs, publish in the format
>>>
>>> - Action Item: Daniel (Red Hat) to start discussin in the mailing list
>>> - Format:
>>> 8)
>>> Getting the word out (wiki, how to contribute, what is going on)
>>> - Minutes for the meet
>>> - Community Manager
>>> - Sprints:
>>> - Running the sprint
>>>
>>> Action Items:
>>> - Eric Windisch to Identify topic to set the sprint/ hackathon and time.
>>>
>>> Thanks,
>>> -Sriram
>>>
>>> _______________________________________________
>>> Openstack-security mailing list
>>> Openstack-security at lists.openstack.org
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-security/attachments/20131111/ad15aea9/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3902 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-security/attachments/20131111/ad15aea9/attachment.bin>
More information about the Openstack-security
mailing list