[Openstack-security] OpenStack Security Group representation to the VMT
Bryan D. Payne
bdpayne at acm.org
Tue Nov 19 16:56:58 UTC 2013
+1
-bryan
On Tue, Nov 19, 2013 at 8:54 AM, Clark, Robert Graham
<robert.clark at hp.com>wrote:
> Deciding whether or not something is an exploitable vulnerability and
> how it should be handled are difficult tasks, not least in the OpenStack
> world where most people run different deployment types, have different
> attack models and threats to consider.
>
> Over the last 6 months I've occasionally been roped in to help the VMT
> make decisions about how security vulnerabilities should be handled. At
> the VMT session this summit, it was suggested that the OSSG involvement
> with the VMT should be more formalised. I couldn't agree more with this
> statement, I'd like to continue working with the VMT as I've found the
> work rewarding and beneficial. HP now operates OpenStack clouds in the
> Public, Hybrid and Private scopes, meaning that I and my security team
> are well positioned to address the concerns of most cloud deployers.
>
> If the OSSG were to start being involved with the VMT more regularly
> it's likely that we'd need more than one person to cover VMT
> engagements. I have the resource within my security team to do this but
> it would likely make sense for this to be someone from another
> organisation, being in a different time zone would also likely be
> beneficial.
>
> I believe that Joel Coffman from APL has volunteered to work with the
> VMT too, is there any objection within the OSSG to the proposal that we
> start with myself and Joel providing support to the VMT? There will be
> scope to change the team around and also for Joel or I to draw on the
> expertise from others in the OSSG for individual issues.
>
> If members of the OSSG agree this is a reasonable first step to further
> involvement with the VMT, I'll start a discussion with them to work out
> the best way forward.
>
> Regards
> -Rob
>
> Robert Clark
> Security Architect
> HP Cloud Services
>
>
> _______________________________________________
> Openstack-security mailing list
> Openstack-security at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-security/attachments/20131119/796ee8a6/attachment.html>
More information about the Openstack-security
mailing list