[Openstack-security] OpenStack Security Group representation to the VMT

Sriram Subramanian sriram at sriramhere.com
Tue Nov 19 19:03:33 UTC 2013


+1.

I also wanted to know if it is OK for someone to join these calls as
observers (as a learning experience).


On Tue, Nov 19, 2013 at 8:56 AM, Bryan D. Payne <bdpayne at acm.org> wrote:

> +1
>
> -bryan
>
>
> On Tue, Nov 19, 2013 at 8:54 AM, Clark, Robert Graham <robert.clark at hp.com> wrote:
>
>> Deciding whether or not something is an exploitable vulnerability and
>> how it should be handled are difficult tasks, not least in the OpenStack
>> world where most people run different deployment types, have different
>> attack models and threats to consider.
>>
>> Over the last 6 months I've occasionally been roped in to help the VMT
>> make decisions about how security vulnerabilities should be handled. At
>> the VMT session this summit, it was suggested that the OSSG involvement
>> with the VMT should be more formalised. I couldn't agree more with this
>> statement; I'd like to continue working with the VMT as I've found the
>> work rewarding and beneficial. HP now operates OpenStack clouds in the
>> Public, Hybrid and Private scopes, meaning that I and my security team
>> are well positioned to address the concerns of most cloud deployers.
>>
>> If the OSSG were to start being involved with the VMT more regularly
>> it's likely that we'd need more than one person to cover VMT
>> engagements. I have the resource within my security team to do this but
>> it would likely make sense for this to be someone from another
>> organisation; being in a different time zone would also likely be
>> beneficial.
>>
>> I believe that Joel Coffman from APL has volunteered to work with the
>> VMT too. Is there any objection within the OSSG to the proposal that we
>> start with myself and Joel providing support to the VMT? There will be
>> scope to change the team around and also for Joel or me to draw on the
>> expertise from others in the OSSG for individual issues.
>>
>> If members of the OSSG agree this is a reasonable first step to further
>> involvement with the VMT, I'll start a discussion with them to work out
>> the best way forward.
>>
>> Regards
>> -Rob
>>
>> Robert Clark
>> Security Architect
>> HP Cloud Services
>>
>>
>> _______________________________________________
>> Openstack-security mailing list
>> Openstack-security at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
>>
>>
>


-- 
Thanks,
-Sriram