[openstack-dev] [security][sahara] creating a threat analysis to aid operators
michael mccune
msm at redhat.com
Thu Nov 19 20:50:30 UTC 2015
hello all,
during the security midcycle meetup we had a session about creating
threat analysis for openstack projects. the folks at HPE were kind
enough to offer their documentation and examples as an aid to creating
these analysis.
after talking with the sahara team, i am confident that we can create an
example threat analysis for our installers and operators to use as a
reference in their deployments.
my goal in this is not to create a roadmap of current vulnerabilities
within sahara, but to produce a working document that can be used as a
guide for any users wishing to secure their sahara installations. i
think there is value in creating these type of guides for all openstack
projects, and i'm hopeful that the sahara team could take the lead in
this process.
i'm reaching out in this email to help renew interest in the threat
analysis work, and to possibly collate the material that is available
and help define some spaces online where we might coordinate these efforts.
regards,
mike
More information about the OpenStack-dev
mailing list