[Openstack-security] Openstack Threat modelling - Common Repository

Bhandaru, Malini K malini.k.bhandaru at intel.com
Fri Apr 11 23:57:26 UTC 2014


Bryan brings up a good point ..  this then takes the flavor of a blueprint with patches to address and/or write OSSNs and cover in the OpenStack security guide.

Regards
Malini

From: Bryan D. Payne [mailto:bdpayne at acm.org]
Sent: Friday, April 11, 2014 9:06 AM
To: Abu Shohel Ahmed
Cc: Openstack-security at lists.openstack.org , ; Anne Gentle
Subject: Re: [Openstack-security] Openstack Threat modelling - Common Repository

This doesn't strike me as being as good of a fit for the documentation project.  I say this because the output isn't a long lived document that people will reference.  The findings seem to me to be of high value initially, and then (hopefully) things get fixed and then I don't see people referencing the findings much any more.  Please correct me if I'm thinking of this in the wrong light.

Could you describe a bit more about how you would make of use gerrit here?  Is this just to get some peer review on the findings before presenting them to the projects as bug reports?

-bryan



On Fri, Apr 11, 2014 at 1:13 AM, Abu Shohel Ahmed <ahmed.shohel at ericsson.com<mailto:ahmed.shohel at ericsson.com>> wrote:
Hi,

Yesterday's OSSG meeting, we are discussing about Threat Modelling process and more specifically gating and publishing process.
Currently, the work is hosted in the Security Wiki page:

https://wiki.openstack.org/wiki/Security/Threat_Analysis

and  some of the contents are in
https://github.com/shohel02/OpenStack_Threat_Modelling.git

Now, that more people are getting interested and there is a need to have engagement and dissemination strategy.
We are thinking of  some common GIT repo with Gerit control, similar to OSSN currently has.  Another aspect is,
can it be part of the documentation project? We think it is well fitted in that category. What do you guys think ?

Thanks,
Shohel


_______________________________________________
Openstack-security mailing list
Openstack-security at lists.openstack.org<mailto:Openstack-security at lists.openstack.org>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-security/attachments/20140411/6ee865ee/attachment.html>


More information about the Openstack-security mailing list