[Openstack-security] Security Analysis for new Blueprints

Fiorentino, Cristian cristian.fiorentino at intel.com
Thu Mar 27 13:26:12 UTC 2014


Dear All,



Probably you are already aware that Nova is moving towards reviewing Blueprints using Gerrit, and proposing a new template with several sections as you can find here:

https://github.com/openstack/nova-specs/blob/master/specs/template.rst



On the other hand, there is currently an effort being held by OSSG to perform a threat model analysis for OpenStack, which is great in my opinion and would lead to a baseline threat model analysis.

But new features/Blueprints are being integrated all the time, and with them new potential Security risks at design time.

(Please let me know if I am wrong, but I am not aware of required Security analysis for new Blueprints besides what the reviewers may identify during the approval process.)



That said, I was wondering if it would be worth pushing the inclusion of a "Security impact" section as part of the Blueprints definitions; and probably to start with the new Nova template approach.

I am not talking about requesting a detailed threat model analysis at the Blueprint definition stage, but about documenting at least high-level Security implications that the Blueprint owner could identify for leveraging Security analysis/reviews in earlier stages of features/components definitions.



Any thoughts appreciated.



Thanks and Regards.

Cristian.
