[openstack-dev] [security][sahara] creating a threat analysis to aid operators

michael mccune msm at redhat.com
Thu Nov 19 20:50:30 UTC 2015


hello all,

during the security midcycle meetup we had a session about creating 
threat analysis for openstack projects. the folks at HPE were kind 
enough to offer their documentation and examples as an aid to creating 
these analysis.

after talking with the sahara team, i am confident that we can create an 
example threat analysis for our installers and operators to use as a 
reference in their deployments.

my goal in this is not to create a roadmap of current vulnerabilities 
within sahara, but to produce a working document that can be used as a 
guide for any users wishing to secure their sahara installations. i 
think there is value in creating these type of guides for all openstack 
projects, and i'm hopeful that the sahara team could take the lead in 
this process.

i'm reaching out in this email to help renew interest in the threat 
analysis work, and to possibly collate the material that is available 
and help define some spaces online where we might coordinate these efforts.

regards,
mike



More information about the OpenStack-dev mailing list