<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Hi Rob,<div><br></div><div>Certainly, the meeting transcript should be available in <a href="https://wiki.openstack.org/wiki/Meetings/OpenStackSecurity">https://wiki.openstack.org/wiki/Meetings/OpenStackSecurity</a></div><div>After the meeting, we will sent the meeting notes to the OSSG mailing list.</div><div><br></div><div>…shohel<br><div apple-content-edited="true">

</div>

<br><div><div>Clark, Robert Graham kirjoitti Nov 11, 2013 kello 3:43 PM:</div><br class="Apple-interchange-newline"><blockquote type="cite">

<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">

<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif;">

<div>I know a few people (me included) won’t be able to make the OSSG meeting this week.</div>

<div><br>

</div>

<div>Is there any way we can follow this up by email?</div>

<div><br>

</div>

<span id="OLK_SRC_BODY_SECTION">

<div style="font-family:Calibri; font-size:11pt; text-align:left; color:black; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt">

<span style="font-weight:bold">From: </span>Abu Shohel Ahmed <<a href="mailto:ahmed.shohel@ericsson.com">ahmed.shohel@ericsson.com</a>><br>

<span style="font-weight:bold">Date: </span>Monday, 11 November 2013 21:31<br>

<span style="font-weight:bold">To: </span>"<a href="mailto:openstack-security@lists.openstack.org">openstack-security@lists.openstack.org</a>" <<a href="mailto:openstack-security@lists.openstack.org">openstack-security@lists.openstack.org</a>><br>

<span style="font-weight:bold">Cc: </span>Robert Clark <<a href="mailto:robert.clark@hp.com">robert.clark@hp.com</a>>, Sriram Subramanian <<a href="mailto:sriram@sriramhere.com">sriram@sriramhere.com</a>>, James Kempf <<a href="mailto:james.kempf@ericsson.com">james.kempf@ericsson.com</a>><br>

<span style="font-weight:bold">Subject: </span>Re: [Openstack-security] OSSG Lunch Meeting Notes<br>

</div>

<div><br>

</div>

<div>

<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">

Hi all,

<div><br>

</div>

<div> We can have a way forward discussion related to threat analysis in the next </div>

<div>OSSG IRC meeting (this Thursday). Things we could discuss in the </div>

<div>meeting e.g.,</div>

<div>  - Threat analysis process in general</div>

<div>  - Work items: OpenStack project to target</div>

<div>  - Time frame</div>

<div>  - Team members</div>

<div>  - Way of working</div>

<div><br>

</div>

<div>See you in the next meeting.</div>

<div><br>

</div>

<div>Thanks,</div>

<div>Shohel  </div>

<div><br>

</div>

<div><br>

</div>

<div>

<div><span class="Apple-style-span" style="border-collapse: separate; font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; font-size: medium; "><span class="Apple-style-span" style="border-collapse: separate; font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; font-size: medium; ">

<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">

<div><br>

</div>

</div>

</span></span></div>

<div>

<div>James Kempf kirjoitti Nov 7, 2013 kello 2:18 AM:</div>

<br class="Apple-interchange-newline">

<blockquote type="cite">

<div>Hi Rob,<br>

<br>

Shohel (cc-ed) from Ericsson will be driving this. He will be setting up a chat/teleconference sometime late next week to get started.<br>

<br>

<span class="Apple-tab-span" style="white-space:pre"></span><span class="Apple-tab-span" style="white-space:pre"></span>jak

<br>

<br>

<blockquote type="cite">-----Original Message-----<br>

</blockquote>

<blockquote type="cite">From: Clark, Robert Graham [<a href="mailto:robert.clark@hp.com">mailto:robert.clark@hp.com</a>]<br>

</blockquote>

<blockquote type="cite">Sent: Thursday, November 07, 2013 12:06 AM<br>

</blockquote>

<blockquote type="cite">To: Sriram Subramanian; <a href="mailto:openstack-security@lists.openstack.org">

openstack-security@lists.openstack.org</a><br>

</blockquote>

<blockquote type="cite">Subject: Re: [Openstack-security] OSSG Lunch Meeting Notes<br>

</blockquote>

<blockquote type="cite"><br>

</blockquote>

<blockquote type="cite">Thanks for the great notes Sriram.<br>

</blockquote>

<blockquote type="cite"><br>

</blockquote>

<blockquote type="cite">I've made the 'how to contribute' part of the wiki more prominent:<br>

</blockquote>

<blockquote type="cite"><a href="https://wiki.openstack.org/wiki/Security/How_To_Contribute">https://wiki.openstack.org/wiki/Security/How_To_Contribute</a><br>

</blockquote>

<blockquote type="cite"><br>

</blockquote>

<blockquote type="cite">To clarify, when we have the ball rolling on Threat Modelling for major<br>

</blockquote>

<blockquote type="cite">projects, I can commit some security-architect resources to take part in<br>

</blockquote>

<blockquote type="cite">the discussions.<br>

</blockquote>

<blockquote type="cite"><br>

</blockquote>

<blockquote type="cite">Cheers<br>

</blockquote>

<blockquote type="cite">-Rob<br>

</blockquote>

<blockquote type="cite"><br>

</blockquote>

<blockquote type="cite"><br>

</blockquote>

<blockquote type="cite">From: Sriram Subramanian<br>

</blockquote>

<blockquote type="cite"><<a href="mailto:sriram@sriramhere.com">sriram@sriramhere.com</a><<a href="mailto:sriram@sriramhere.com">mailto:sriram@sriramhere.com</a>>><br>

</blockquote>

<blockquote type="cite">Date: Tuesday, 5 November 2013 14:24<br>

</blockquote>

<blockquote type="cite">To: "<a href="mailto:openstack-security@lists.openstack.org">openstack-security@lists.openstack.org</a><<a href="mailto:openstack-">mailto:openstack-</a><br>

</blockquote>

<blockquote type="cite"><a href="mailto:security@lists.openstack.org">security@lists.openstack.org</a>>" <openstack-<br>

</blockquote>

<blockquote type="cite"><a href="mailto:security@lists.openstack.org">security@lists.openstack.org</a><<a href="mailto:openstack-">mailto:openstack-</a><br>

</blockquote>

<blockquote type="cite"><a href="mailto:security@lists.openstack.org">security@lists.openstack.org</a>>><br>

</blockquote>

<blockquote type="cite">Subject: [Openstack-security] OSSG Lunch Meeting Notes<br>

</blockquote>

<blockquote type="cite"><br>

</blockquote>

<blockquote type="cite">Some of the items discussed, followed by Action Items:<br>

</blockquote>

<blockquote type="cite"><br>

</blockquote>

<blockquote type="cite">1) How can one get invovled - Wiki will direct<br>

</blockquote>

<blockquote type="cite">2) Where to pick up security tasks from?<br>

</blockquote>

<blockquote type="cite">  - wiki is the starting point<br>

</blockquote>

<blockquote type="cite">  - people sign up via mailing list<br>

</blockquote>

<blockquote type="cite"><br>

</blockquote>

<blockquote type="cite"><br>

</blockquote>

<blockquote type="cite">3) threat analysis<br>

</blockquote>

<blockquote type="cite">  - Static Analysis, Formal Verification on projects was proposed by<br>

</blockquote>

<blockquote type="cite">James.<br>

</blockquote>

<blockquote type="cite">  -<br>

</blockquote>

<blockquote type="cite">  - static analysis on python is not very useful; whole projects will<br>

</blockquote>

<blockquote type="cite">take a long time<br>

</blockquote>

<blockquote type="cite">  -<br>

</blockquote>

<blockquote type="cite">4) Threat modeling -<br>

</blockquote>

<blockquote type="cite">  -<br>

</blockquote>

<blockquote type="cite">Action item (James Kempf) : share the results from Folsom for TM around<br>

</blockquote>

<blockquote type="cite">Keystone<br>

</blockquote>

<blockquote type="cite"><br>

</blockquote>

<blockquote type="cite">  -  Rob can get resources towards this<br>

</blockquote>

<blockquote type="cite">  -  get started with core or knowledgeable people<br>

</blockquote>

<blockquote type="cite">  -  Ideally, Secuirty Reviews Per month per project. Review coordinator<br>

</blockquote>

<blockquote type="cite">prepares the arch diagram before the review day<br>

</blockquote>

<blockquote type="cite"><br>

</blockquote>

<blockquote type="cite">5) security review - HP's review process; what it translates to for<br>

</blockquote>

<blockquote type="cite">OpenStack?<br>

</blockquote>

<blockquote type="cite"><br>

</blockquote>

<blockquote type="cite">6) Attacker model<br>

</blockquote>

<blockquote type="cite"> - single or many<br>

</blockquote>

<blockquote type="cite"> -<br>

</blockquote>

<blockquote type="cite">7) Tracking the CVEs, publish in the format<br>

</blockquote>

<blockquote type="cite"><br>

</blockquote>

<blockquote type="cite">- Action Item:  Daniel (Red Hat) to start discussin in the mailing list<br>

</blockquote>

<blockquote type="cite">-  Format:<br>

</blockquote>

<blockquote type="cite">8)<br>

</blockquote>

<blockquote type="cite">Getting the word out (wiki, how to contribute, what is going on)<br>

</blockquote>

<blockquote type="cite"> - Minutes for the meet<br>

</blockquote>

<blockquote type="cite"> - Community Manager<br>

</blockquote>

<blockquote type="cite"> - Sprints:<br>

</blockquote>

<blockquote type="cite">    - Running the sprint<br>

</blockquote>

<blockquote type="cite"><br>

</blockquote>

<blockquote type="cite">Action Items:<br>

</blockquote>

<blockquote type="cite">- Eric Windisch to Identify topic to set the sprint/ hackathon and time.<br>

</blockquote>

<blockquote type="cite"><br>

</blockquote>

<blockquote type="cite">Thanks,<br>

</blockquote>

<blockquote type="cite">-Sriram<br>

</blockquote>

<blockquote type="cite"><br>

</blockquote>

<blockquote type="cite">_______________________________________________<br>

</blockquote>

<blockquote type="cite">Openstack-security mailing list<br>

</blockquote>

<blockquote type="cite"><a href="mailto:Openstack-security@lists.openstack.org">Openstack-security@lists.openstack.org</a><br>

</blockquote>

<blockquote type="cite"><a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security</a><br>

</blockquote>

</div>

</blockquote>

</div>

<br>

</div>

</div>

</div>

</span>

</div>

</blockquote></div><br></div></body></html>