Last two weeks had no meeting activity, however this week we had plenty, so here's the summary.

Hope everyone has a great weekend!

#Date: 29 Aug 2019

Security SIG Meeting Info: http://eavesdrop.openstack.org/#Security_SIG_meeting

Weekly on Thursday at 1500 UTC in #openstack-meeting

Agenda: https://etherpad.openstack.org/p/security-agenda

https://security.openstack.org/

https://wiki.openstack.org/wiki/Security-SIG

#Meeting Notes

Summary: http://eavesdrop.openstack.org/meetings/security/2019/security.2019-08-29-15.00.html

OSSA-2019-004 was released this week, more details here: https://security.openstack.org/ossa/OSSA-2019-004.html

The VMT is currently in the process of updating the requirements for a project to obtain the "vulnerability:managed tag, there is a current change in progress here:https://review.opendev.org/#/c/678426/

The main goal is to reduce the barrier of entry by not explicitly requiring an audit being performed on the project (but still recommending it), as well as clarifications on other guidelines

The security docs are continuing to see updates: https://review.opendev.org/#/q/project:openstack/security-doc

Shoutout to nickthetait for taking on this work, and to those reviewing it as well!

We discussed the default policy file discrepencies in Cinder/Nova in the Queens release, it appears that several projects have different file defaults for policy.

This is causing issues when a policy file works fine in one release, but after upgrading, the file is no longer automatically detected.

One path forward is to open a security docs bug to track these and look for a way to resolve this.

#VMT Reports

A full list of publicly marked security issues can be found here: https://bugs.launchpad.net/ossa/

OSSA-2019-004 was released this week, more details here: https://security.openstack.org/ossa/OSSA-2019-004.html