[Openstack-security] OSSG Lunch Meeting Notes

Sriram Subramanian sriram at sriramhere.com
Thu Nov 14 19:04:49 UTC 2013


Thanks Shohel,

I am at the IRC #openstack-meeting. Anyone out there?

thanks,
-sriram


On Thu, Nov 14, 2013 at 9:40 AM, Abu Shohel Ahmed <ahmed.shohel at ericsson.com> wrote:

> Hi Sriram,
>
> To get started, I have created a Wiki page.
>
> https://wiki.openstack.org/wiki/Security/Threat_Analysis
>
> Currently, it consists of a process diagram and links to relevant
> literature. The wiki page can be enriched together as time goes on and we
> proceed with our work.
>
> We have also linked in the Wiki a security quick study report for the
> Keystone Folsom release, which James promised at the Summit. The report
> itself is quite old now compared to the current Keystone release. So the
> most important task now is to define a common process through which we can
> do an evaluation of OpenStack components.
>
> See you in today's meeting. We can discuss how we can proceed with this
> activity.
>
> Thanks,
> Shohel
>
>
> Sriram Subramanian wrote on Nov 12, 2013 at 12:13 AM:
>
> Shohel,
>
> Could you please send any relevant links for those who are new to the
> threat model analysis process? Most of the links I used while at Microsoft
> are internal-only.
>
> thanks,
> -Sriram
>
>
> On Mon, Nov 11, 2013 at 5:47 AM, Abu Shohel Ahmed <ahmed.shohel at ericsson.com> wrote:
>
>> Hi Rob,
>>
>> Certainly, the meeting transcript should be available at
>> https://wiki.openstack.org/wiki/Meetings/OpenStackSecurity
>> After the meeting, we will send the meeting notes to the OSSG mailing
>> list.
>>
>> …shohel
>>
>> Clark, Robert Graham wrote on Nov 11, 2013 at 3:43 PM:
>>
>>  I know a few people (me included) won’t be able to make the OSSG
>> meeting this week.
>>
>>  Is there any way we can follow this up by email?
>>
>>   From: Abu Shohel Ahmed <ahmed.shohel at ericsson.com>
>> Date: Monday, 11 November 2013 21:31
>> To: "openstack-security at lists.openstack.org" <
>> openstack-security at lists.openstack.org>
>> Cc: Robert Clark <robert.clark at hp.com>, Sriram Subramanian <
>> sriram at sriramhere.com>, James Kempf <james.kempf at ericsson.com>
>>
>> Subject: Re: [Openstack-security] OSSG Lunch Meeting Notes
>>
>>   Hi all,
>>
>>   We can have a way-forward discussion related to threat analysis in the
>> next OSSG IRC meeting (this Thursday). Things we could discuss in the
>> meeting, e.g.:
>>   - Threat analysis process in general
>>   - Work items: OpenStack project to target
>>   - Time frame
>>   - Team members
>>   - Way of working
>>
>>  See you in the next meeting.
>>
>>  Thanks,
>> Shohel
>>
>>
>>
>>   James Kempf wrote on Nov 7, 2013 at 2:18 AM:
>>
>>  Hi Rob,
>>
>> Shohel (cc-ed) from Ericsson will be driving this. He will be setting up
>> a chat/teleconference sometime late next week to get started.
>>
>> jak
>>
>> -----Original Message-----
>>
>> From: Clark, Robert Graham [mailto:robert.clark at hp.com]
>>
>> Sent: Thursday, November 07, 2013 12:06 AM
>>
>> To: Sriram Subramanian; openstack-security at lists.openstack.org
>>
>> Subject: Re: [Openstack-security] OSSG Lunch Meeting Notes
>>
>>
>>  Thanks for the great notes Sriram.
>>
>>
>>  I've made the 'how to contribute' part of the wiki more prominent:
>>
>> https://wiki.openstack.org/wiki/Security/How_To_Contribute
>>
>>
>>  To clarify, when we have the ball rolling on Threat Modelling for major
>> projects, I can commit some security-architect resources to take part in
>> the discussions.
>>
>>
>>  Cheers
>>
>> -Rob
>>
>>
>>
>>  From: Sriram Subramanian <sriram at sriramhere.com>
>>
>> Date: Tuesday, 5 November 2013 14:24
>>
>> To: "openstack-security at lists.openstack.org" <openstack-security at lists.openstack.org>
>>
>> Subject: [Openstack-security] OSSG Lunch Meeting Notes
>>
>>
>>  Some of the items discussed, followed by Action Items:
>>
>> 1) How can one get involved - Wiki will direct
>>
>> 2) Where to pick up security tasks from?
>>   - wiki is the starting point
>>   - people sign up via mailing list
>>
>> 3) threat analysis
>>   - Static Analysis, Formal Verification on projects was proposed by James.
>>   - static analysis on python is not very useful; whole projects will take a long time
>>
>> 4) Threat modeling
>>   - Action item (James Kempf): share the results from Folsom for TM around Keystone
>>   - Rob can get resources towards this
>>   - get started with core or knowledgeable people
>>   - Ideally, Security Reviews Per month per project. Review coordinator prepares the arch diagram before the review day
>>
>> 5) security review - HP's review process; what it translates to for OpenStack?
>>
>> 6) Attacker model
>>   - single or many
>>
>> 7) Tracking the CVEs, publish in the format
>>   - Action Item: Daniel (Red Hat) to start discussion in the mailing list
>>   - Format:
>>
>> 8) Getting the word out (wiki, how to contribute, what is going on)
>>   - Minutes for the meet
>>   - Community Manager
>>   - Sprints:
>>     - Running the sprint
>>
>> Action Items:
>> - Eric Windisch to Identify topic to set the sprint/ hackathon and time.
>>
>> Thanks,
>> -Sriram
>>
>>
>>  _______________________________________________
>>
>> Openstack-security mailing list
>>
>> Openstack-security at lists.openstack.org
>>
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
>>
>>
>>
>>
>
>
> --
> Thanks,
> -Sriram
>
>
>


-- 
Thanks,
-Sriram