[Openstack-security] develop a common State of OpenStack Security briefing

Bryan D. Payne bdpayne at acm.org
Tue Jul 30 16:31:41 UTC 2013


I think that it's useful to talk about the "glue components" (e.g., the
message queue, database, etc) and current thinking on best practices there.
 Also, on best practices for deployment and keeping everything up to date.
 Finally, I think it's important to highlight both the good things that we
have today, but also the gaps / areas where improvement is needed.

-bryan


On Tue, Jul 30, 2013 at 5:00 AM, Clark, Robert Graham
<robert.clark at hp.com>wrote:

> I’d certainly be happy to throw some time into this.****
>
> ** **
>
> Things I’d expect to see in the deck:****
>
> **·        **Holistic overview, general security posture****
>
> **·        **Service overview, perhaps restricted to core IaaS services
> or wider****
>
> **o   **Covers secure configuration****
>
> **o   **Especially new options, improvements****
>
> **o   **Security Bugs****
>
> **o   **Design issues****
>
> **·        **Review of recent security issues and OSSNs****
>
> **·        **?****
>
> ** **
>
> *From:* Nicolae Paladi [mailto:n.paladi at gmail.com]
> *Sent:* 30 July 2013 07:25
> *To:* Bryan D. Payne
> *Cc:* openstack-security at lists.openstack.org
> *Subject:* Re: [Openstack-security] develop a common State of OpenStack
> Security briefing****
>
> ** **
>
> Great initiative, I'd be glad to "test drive" such a presentation at our
> next OpenStack meetup in September;****
>
> ** **
>
> Just my 2 cents: would be good to have a slide or two on the state of VPN
> support in Neutron, as well as what the capabilities of security groups are
> ****
>
> ** **
>
> /nicolae****
>
> ** **
>
> On 29 July 2013 23:56, Bryan D. Payne <bdpayne at acm.org> wrote:****
>
> This sounds very valuable.  What kinds of information would you guys like
> to see in this?****
>
> ** **
>
> Also, I'm thinking the slides could be setup in a way that suits either 30
> min or 60 min presentation lengths.  Does that seem reasonable?****
>
> ** **
>
> -bryan****
>
> ** **
>
> On Mon, Jul 29, 2013 at 12:24 PM, Brian Schott <
> brian.schott at nimbisservices.com> wrote:****
>
> I was thinking that it would be great if we could collectively have a
> common "State of OpenStack Security" that Stackers could give at local
> OpenStack MeetUps or other venues.  This topic comes up all of the time and
> a good executive overview briefing would raise the awareness of what
> OpenStack is doing in this space.  ****
>
> ** **
>
> Is there interest in OSSG in pulling together such a briefing?  ****
>
> Brian****
>
> ** **
>
> -------------------------------------------------****
>
> Brian Schott, CTO****
>
> Nimbis Services, Inc.****
>
> brian.schott at nimbisservices.com****
>
> ph: 443-274-6064  fx: 443-274-6060****
>
> ** **
>
> ** **
>
> ** **
>
>
> _______________________________________________
> Openstack-security mailing list
> Openstack-security at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security****
>
> ** **
>
>
> _______________________________________________
> Openstack-security mailing list
> Openstack-security at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security****
>
> ** **
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-security/attachments/20130730/d4c85f04/attachment.html>


More information about the Openstack-security mailing list