On 2019-04-10 11:45:39 +0100 (+0100), Stephen Finucane wrote:
[...]
> I guess the next steps are figuring out what projects need the
> most help and putting together a list of ideas that we can submit.
> I can only really speak for nova and oslo.
[...]

In the last Security SIG meeting we discussed (in the context of the
TC's "help wanted" list) how most of the help we need is
documentation related. We need Security Analysis documents for a lot
of projects, and reviewers for many of the ones already proposed
too:

    https://docs.openstack.org/security-analysis/latest/
    https://review.openstack.org/#/q/project:openstack/security-analysis+is:open
    https://opendev.org/openstack/security-analysis/

The Security Guide doesn’t seem to have been updated since Pike, so
it’s a good 1.5 years behind. Having someone step through what's
there and confirm or refresh it for Stein would be awesome:

    https://docs.openstack.org/security-guide/
    https://opendev.org/openstack/security-doc/

The documentation we have on secure coding practices is fairly light
and could do with more content:

    https://security.openstack.org/#secure-development-guidelines

We could also use help with writing security notes and triaging the
outstanding OSSN backlog:

    https://wiki.openstack.org/wiki/Security_Notes
    https://wiki.openstack.org/wiki/Security/Security_Note_Process
    https://bugs.launchpad.net/ossn

Much of the above likely requires folks with at least some
information security background or interest, but it's a really great
place to improve the overall security posture of OpenStack across
the board.
--
Jeremy Stanley