[Openstack-security] develop a common State of OpenStack Security briefing

Thomas Biege thomas at suse.de
Wed Jul 31 19:35:49 UTC 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Am 30.07.2013 18:31, schrieb Bryan D. Payne:
> I think that it's useful to talk about the "glue components" (e.g.,
> the message queue, database, etc) and current thinking on best
> practices there.  Also, on best practices for deployment and
> keeping everything up to date.  Finally, I think it's important to
> highlight both the good things that we have today, but also the
> gaps / areas where improvement is needed.

in general such a list of open topics would be helpful to see what
idle hands could do.

Best,
Thomas

> 
> -bryan
> 
> 
> On Tue, Jul 30, 2013 at 5:00 AM, Clark, Robert Graham 
> <robert.clark at hp.com <mailto:robert.clark at hp.com>> wrote:
> 
> I’d certainly be happy to throw some time into this.____
> 
> __ __
> 
> Things I’d expect to see in the deck:____
> 
> __·        __Holistic overview, general security posture____
> 
> __·        __Service overview, perhaps restricted to core IaaS 
> services or wider____
> 
> __o   __Covers secure configuration____
> 
> __o   __Especially new options, improvements____
> 
> __o   __Security Bugs____
> 
> __o   __Design issues____
> 
> __·        __Review of recent security issues and OSSNs____
> 
> __·        __?____
> 
> __ __
> 
> *From:*Nicolae Paladi [mailto:n.paladi at gmail.com 
> <mailto:n.paladi at gmail.com>] *Sent:* 30 July 2013 07:25 *To:* Bryan
> D. Payne *Cc:* openstack-security at lists.openstack.org 
> <mailto:openstack-security at lists.openstack.org> *Subject:* Re:
> [Openstack-security] develop a common State of OpenStack Security
> briefing____
> 
> __ __
> 
> Great initiative, I'd be glad to "test drive" such a presentation
> at our next OpenStack meetup in September;____
> 
> __ __
> 
> Just my 2 cents: would be good to have a slide or two on the state 
> of VPN support in Neutron, as well as what the capabilities of 
> security groups are____
> 
> __ __
> 
> /nicolae____
> 
> __ __
> 
> On 29 July 2013 23:56, Bryan D. Payne <bdpayne at acm.org 
> <mailto:bdpayne at acm.org>> wrote:____
> 
> This sounds very valuable.  What kinds of information would you
> guys like to see in this?____
> 
> __ __
> 
> Also, I'm thinking the slides could be setup in a way that suits 
> either 30 min or 60 min presentation lengths.  Does that seem 
> reasonable?____
> 
> __ __
> 
> -bryan____
> 
> __ __
> 
> On Mon, Jul 29, 2013 at 12:24 PM, Brian Schott 
> <brian.schott at nimbisservices.com 
> <mailto:brian.schott at nimbisservices.com>> wrote:____
> 
> I was thinking that it would be great if we could collectively
> have a common "State of OpenStack Security" that Stackers could
> give at local OpenStack MeetUps or other venues.  This topic comes
> up all of the time and a good executive overview briefing would
> raise the awareness of what OpenStack is doing in this space.
> ____
> 
> __ __
> 
> Is there interest in OSSG in pulling together such a briefing?
> ____
> 
> Brian____
> 
> __ __
> 
> -------------------------------------------------____
> 
> Brian Schott, CTO____
> 
> Nimbis Services, Inc.____
> 
> brian.schott at nimbisservices.com 
> <mailto:brian.schott at nimbisservices.com>____
> 
> ph: 443-274-6064 <tel:443-274-6064>  fx: 443-274-6060 
> <tel:443-274-6060>____
> 
> __ __
> 
> __ __
> 
> __ __
> 
> 
> _______________________________________________ Openstack-security
> mailing list Openstack-security at lists.openstack.org 
> <mailto:Openstack-security at lists.openstack.org> 
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security____
>
>  __ __
> 
> 
> _______________________________________________ Openstack-security
> mailing list Openstack-security at lists.openstack.org 
> <mailto:Openstack-security at lists.openstack.org> 
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security____
>
>  __ __
> 
> 
> 
> 
> _______________________________________________ Openstack-security
> mailing list Openstack-security at lists.openstack.org 
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
>
> 
- -- 
Thomas Biege <thomas at suse.de>, Team Leader MaintenanceSecurity, CSSLP
SUSE LINUX Products GmbH
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer
HRB 21284 (AG Nürnberg)
- --
  Wer aufhoert besser werden zu wollen, hoert auf gut zu sein.
                            -- Marie von Ebner-Eschenbach
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJR+WcVAAoJEJqHoVJVjr8Dp0gH/j4ByWaaSDpv+3nPlBbT8liJ
z9weuRk5hhVJkxjC6RF1ZslGPNKCc1reRZDoA2G0u0oadYbQYWWGi+zq9pw6kPPK
b5ZCRn55ryROowmOjZKWUJEsOHGTiR+VrKnV3iPN/xoc77H08LSO4UGh4fzhBqQV
Dc6VoXHvnjS+M3gfb2S10A2wbu9jP3nsWUqLtyRMv+RNW123/K12LK8k+fi5FqpJ
ZOPO9EK5mkz1J/A032/TPP+zFvZORWbcLwyd9Mww9psWEook1Ii35z7BEZjHBpHS
mWAqwF/2/7LZrLJLbV1H8Oe/jrfbW8nBIqV74ECey94sJnmeXse4So7bZv5tvsw=
=KUk6
-----END PGP SIGNATURE-----




More information about the Openstack-security mailing list