Please see my review here as requested in this thread [1]:

https://review.openstack.org/300698

The purpose of this review is twofold:

1. Permit sponsoring companies of single-vendor projects or projects with low company affiliation diversity to allow their own security experts to sign off on a threat analysis, acting as a third party.

2. Enable scaling of the OSSA and VMT processes by permitting projects to self-audit, self-review, or self-threat analyze with the condition that an impartial third party take responsibility for approving the audit, review, or threat analysis.

[1] http://lists.openstack.org/pipermail/openstack-dev/2016-March/091075.html