[Openstack-security] OSSG Lunch Meeting Notes

Sriram Subramanian sriram at sriramhere.com
Mon Nov 11 22:13:05 UTC 2013


Shohel,

Could you please send any relevant links for those who are new to the
threat model analysis process? Most of the links I used while at Microsoft
are internal-only.

thanks,
-Sriram


On Mon, Nov 11, 2013 at 5:47 AM, Abu Shohel Ahmed <ahmed.shohel at ericsson.com> wrote:

> Hi Rob,
>
> Certainly, the meeting transcript should be available in
> https://wiki.openstack.org/wiki/Meetings/OpenStackSecurity
> After the meeting, we will send the meeting notes to the OSSG mailing list.
>
> …shohel
>
> Clark, Robert Graham wrote on Nov 11, 2013 at 3:43 PM:
>
>  I know a few people (me included) won’t be able to make the OSSG meeting
> this week.
>
>  Is there any way we can follow this up by email?
>
>   From: Abu Shohel Ahmed <ahmed.shohel at ericsson.com>
> Date: Monday, 11 November 2013 21:31
> To: "openstack-security at lists.openstack.org" <
> openstack-security at lists.openstack.org>
> Cc: Robert Clark <robert.clark at hp.com>, Sriram Subramanian <
> sriram at sriramhere.com>, James Kempf <james.kempf at ericsson.com>
>
> Subject: Re: [Openstack-security] OSSG Lunch Meeting Notes
>
>   Hi all,
>
>   We can have a way forward discussion related to threat analysis in the
> next OSSG IRC meeting (this Thursday). Things we could discuss in the
> meeting e.g.,
>   - Threat analysis process in general
>   - Work items: OpenStack project to target
>   - Time frame
>   - Team members
>   - Way of working
>
>  See you in the next meeting.
>
>  Thanks,
> Shohel
>
>
>
>   James Kempf wrote on Nov 7, 2013 at 2:18 AM:
>
>  Hi Rob,
>
> Shohel (cc-ed) from Ericsson will be driving this. He will be setting up a
> chat/teleconference sometime late next week to get started.
>
> jak
>
> -----Original Message-----
>
> From: Clark, Robert Graham [mailto:robert.clark at hp.com]
>
> Sent: Thursday, November 07, 2013 12:06 AM
>
> To: Sriram Subramanian; openstack-security at lists.openstack.org
>
> Subject: Re: [Openstack-security] OSSG Lunch Meeting Notes
>
>
>  Thanks for the great notes Sriram.
>
>
>  I've made the 'how to contribute' part of the wiki more prominent:
>
> https://wiki.openstack.org/wiki/Security/How_To_Contribute
>
>
>  To clarify, when we have the ball rolling on Threat Modelling for major
>
> projects, I can commit some security-architect resources to take part in
>
> the discussions.
>
>
>  Cheers
>
> -Rob
>
>
>
>  From: Sriram Subramanian <sriram at sriramhere.com>
>
> Date: Tuesday, 5 November 2013 14:24
>
> To: "openstack-security at lists.openstack.org" <openstack-security at lists.openstack.org>
>
> Subject: [Openstack-security] OSSG Lunch Meeting Notes
>
>
>  Some of the items discussed, followed by Action Items:
>
>
>  1) How can one get involved - Wiki will direct
>
> 2) Where to pick up security tasks from?
>
>   - wiki is the starting point
>
>   - people sign up via mailing list
>
>
>
>  3) threat analysis
>
>   - Static Analysis, Formal Verification on projects was proposed by
>
> James.
>
>   -
>
>   - static analysis on python is not very useful; whole projects will
>
> take a long time
>
>   -
>
> 4) Threat modeling -
>
>   -
>
> Action item (James Kempf) : share the results from Folsom for TM around
>
> Keystone
>
>
>    -  Rob can get resources towards this
>
>   -  get started with core or knowledgeable people
>
>   -  Ideally, Security Reviews Per month per project. Review coordinator
>
> prepares the arch diagram before the review day
>
>
>  5) security review - HP's review process; what it translates to for
>
> OpenStack?
>
>
>  6) Attacker model
>
>  - single or many
>
>  -
>
> 7) Tracking the CVEs, publish in the format
>
>
>  - Action Item:  Daniel (Red Hat) to start discussion in the mailing list
>
> -  Format:
>
> 8)
>
> Getting the word out (wiki, how to contribute, what is going on)
>
>  - Minutes for the meet
>
>  - Community Manager
>
>  - Sprints:
>
>     - Running the sprint
>
>
>  Action Items:
>
> - Eric Windisch to Identify topic to set the sprint/ hackathon and time.
>
>
>  Thanks,
>
> -Sriram
>
>
>  _______________________________________________
>
> Openstack-security mailing list
>
> Openstack-security at lists.openstack.org
>
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
>
>
>
>


-- 
Thanks,
-Sriram