[Openstack-security] Fwd: [openstack-dev] [Nova] Security vulnerability contacts

Jeremy Stanley fungi at yuggoth.org
Tue Nov 19 15:12:11 UTC 2013


On 2013-11-18 22:17:02 -0800 (-0800), Sriram Subramanian wrote:
> OK, makes sense. I thought that soon we will be doing (2) too. But
> makes sense now. Thanks!

We are hoping that the OSSG puts together a small team of
operational security specialists with whom the VMT can consult when
there are questions about whether a particular bug should be
considered a vulnerability rather than a security hardening
opportunity, to help double-check our assertions of exploitability
and so on.

Also, it's not like there needs to be any particular role separation
there--I'd encourage code-minded OSSG members to attain core status
in various projects and help us from the review/fix side of
things--and similarly security-minded core reviewers should strongly
consider getting involved in the OSSG to pitch in on the
design/planning/auditing end of the spectrum too. There is already
some of this going on of course, but more can't hurt!
-- 
Jeremy Stanley



