<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Hi all,<div><br></div><div> We can have a way forward discussion related to threat analysis in the next </div><div>OSSG IRC meeting (this Thursday). Things we could discuss in the </div><div>meeting e.g.,</div><div>  - Threat analysis process in general</div><div>  - Work items: OpenStack project to target</div><div>  - Time frame</div><div>  - Team members</div><div>  - Way of working</div><div><br></div><div>See you in the next meeting.</div><div><br></div><div>Thanks,</div><div>Shohel  </div><div><br></div><div><br></div><div><div>
<span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; font-size: medium; "><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; font-size: medium; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div><br></div></div></span></span></div><div><div>James Kempf kirjoitti Nov 7, 2013 kello 2:18 AM:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div>Hi Rob,<br><br>Shohel (cc-ed) from Ericsson will be driving this. He will be setting up a chat/teleconference sometime late next week to get started.<br><br><span class="Apple-tab-span" style="white-space:pre">    </span><span class="Apple-tab-span" style="white-space:pre">    </span>jak <br><br><blockquote type="cite">-----Original Message-----<br></blockquote><blockquote type="cite">From: Clark, Robert Graham [mailto:robert.clark@hp.com]<br></blockquote><blockquote type="cite">Sent: Thursday, November 07, 2013 12:06 AM<br></blockquote><blockquote type="cite">To: Sriram Subramanian; <a href="mailto:openstack-security@lists.openstack.org">openstack-security@lists.openstack.org</a><br></blockquote><blockquote type="cite">Subject: Re: [Openstack-security] OSSG Lunch Meeting Notes<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">Thanks for the great notes Sriram.<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">I've made the 'how to contribute' part of the wiki more prominent:<br></blockquote><blockquote type="cite"><a href="https://wiki.openstack.org/wiki/Security/How_To_Contribute">https://wiki.openstack.org/wiki/Security/How_To_Contribute</a><br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">To clarify, when we have the ball rolling on Threat Modelling for major<br></blockquote><blockquote type="cite">projects, I can commit some security-architect resources to take part in<br></blockquote><blockquote type="cite">the discussions.<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">Cheers<br></blockquote><blockquote type="cite">-Rob<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">From: Sriram Subramanian<br></blockquote><blockquote type="cite"><<a href="mailto:sriram@sriramhere.com">sriram@sriramhere.com</a><<a href="mailto:sriram@sriramhere.com">mailto:sriram@sriramhere.com</a>>><br></blockquote><blockquote type="cite">Date: Tuesday, 5 November 2013 14:24<br></blockquote><blockquote type="cite">To: "<a href="mailto:openstack-security@lists.openstack.org">openstack-security@lists.openstack.org</a><mailto:openstack-<br></blockquote><blockquote type="cite"><a href="mailto:security@lists.openstack.org">security@lists.openstack.org</a>>" <openstack-<br></blockquote><blockquote type="cite"><a href="mailto:security@lists.openstack.org">security@lists.openstack.org</a><mailto:openstack-<br></blockquote><blockquote type="cite"><a href="mailto:security@lists.openstack.org">security@lists.openstack.org</a>>><br></blockquote><blockquote type="cite">Subject: [Openstack-security] OSSG Lunch Meeting Notes<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">Some of the items discussed, followed by Action Items:<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">1) How can one get invovled - Wiki will direct<br></blockquote><blockquote type="cite">2) Where to pick up security tasks from?<br></blockquote><blockquote type="cite">   - wiki is the starting point<br></blockquote><blockquote type="cite">   - people sign up via mailing list<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">3) threat analysis<br></blockquote><blockquote type="cite">   - Static Analysis, Formal Verification on projects was proposed by<br></blockquote><blockquote type="cite">James.<br></blockquote><blockquote type="cite">   -<br></blockquote><blockquote type="cite">   - static analysis on python is not very useful; whole projects will<br></blockquote><blockquote type="cite">take a long time<br></blockquote><blockquote type="cite">   -<br></blockquote><blockquote type="cite">4) Threat modeling -<br></blockquote><blockquote type="cite">   -<br></blockquote><blockquote type="cite">Action item (James Kempf) : share the results from Folsom for TM around<br></blockquote><blockquote type="cite">Keystone<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">   -  Rob can get resources towards this<br></blockquote><blockquote type="cite">   -  get started with core or knowledgeable people<br></blockquote><blockquote type="cite">   -  Ideally, Secuirty Reviews Per month per project. Review coordinator<br></blockquote><blockquote type="cite">prepares the arch diagram before the review day<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">5) security review - HP's review process; what it translates to for<br></blockquote><blockquote type="cite">OpenStack?<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">6) Attacker model<br></blockquote><blockquote type="cite">  - single or many<br></blockquote><blockquote type="cite">  -<br></blockquote><blockquote type="cite">7) Tracking the CVEs, publish in the format<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite"> - Action Item:  Daniel (Red Hat) to start discussin in the mailing list<br></blockquote><blockquote type="cite"> -  Format:<br></blockquote><blockquote type="cite">8)<br></blockquote><blockquote type="cite"> Getting the word out (wiki, how to contribute, what is going on)<br></blockquote><blockquote type="cite">  - Minutes for the meet<br></blockquote><blockquote type="cite">  - Community Manager<br></blockquote><blockquote type="cite">  - Sprints:<br></blockquote><blockquote type="cite">     - Running the sprint<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">Action Items:<br></blockquote><blockquote type="cite">- Eric Windisch to Identify topic to set the sprint/ hackathon and time.<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">Thanks,<br></blockquote><blockquote type="cite">-Sriram<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">_______________________________________________<br></blockquote><blockquote type="cite">Openstack-security mailing list<br></blockquote><blockquote type="cite"><a href="mailto:Openstack-security@lists.openstack.org">Openstack-security@lists.openstack.org</a><br></blockquote><blockquote type="cite"><a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security</a><br></blockquote></div></blockquote></div><br></div></body></html>