[no subject]


Thanks,
Shohel
 

Sriram Subramanian wrote on Nov 14, 2013 at 9:04 PM:

> Thanks Shohel,
>  
> I am at the IRC #openstack-meeting. Anyone out there?
>  
> thanks,
> -sriram
> 
> 
> On Thu, Nov 14, 2013 at 9:40 AM, Abu Shohel Ahmed <ahmed.shohel at ericsson.com> wrote:
> Hi Sriram,
> 
> To get started, I have created a Wiki page.
> 
> https://wiki.openstack.org/wiki/Security/Threat_Analysis
> 
> It currently consists of a process diagram and links to relevant literature.
> The wiki page can be enriched together as time goes on and we proceed with our work.
> 
> We have also linked in the Wiki a security quick study report for the Keystone Folsom
> release, which James promised at the Summit. The report itself is quite old now
> compared to the current keystone release. So the most important task now is to define
> a common process through which we can do evaluation of OpenStack Components.
> 
> See you in today's meeting. We can discuss how we can proceed with this
> activity.
> 
> Thanks,
> Shohel
> 
> 
> Sriram Subramanian wrote on Nov 12, 2013 at 12:13 AM:
> 
>> Shohel,
>>  
>> Could you please send any relevant links for those who are new to the threat model analysis process? Most of the links I used while at Microsoft are internal-only.
>>  
>> thanks,
>> -Sriram
>> 
>> 
>> On Mon, Nov 11, 2013 at 5:47 AM, Abu Shohel Ahmed <ahmed.shohel at ericsson.com> wrote:
>> Hi Rob,
>> 
>> Certainly, the meeting transcript should be available at https://wiki.openstack.org/wiki/Meetings/OpenStackSecurity
>> After the meeting, we will send the meeting notes to the OSSG mailing list.
>> 
>> -shohel
>> 
>> Clark, Robert Graham wrote on Nov 11, 2013 at 3:43 PM:
>> 
>>> I know a few people (me included) won't be able to make the OSSG meeting this week.
>>> 
>>> Is there any way we can follow this up by email?
>>> 
>>> From: Abu Shohel Ahmed <ahmed.shohel at ericsson.com>
>>> Date: Monday, 11 November 2013 21:31
>>> To: "openstack-security at lists.openstack.org" <openstack-security at lists.openstack.org>
>>> Cc: Robert Clark <robert.clark at hp.com>, Sriram Subramanian <sriram at sriramhere.com>, James Kempf <james.kempf at ericsson.com>
>>> 
>>> Subject: Re: [Openstack-security] OSSG Lunch Meeting Notes
>>> 
>>> Hi all,
>>> 
>>>  We can have a way forward discussion related to threat analysis in the next 
>>> OSSG IRC meeting (this Thursday). Things we could discuss in the 
>>> meeting e.g.,
>>>   - Threat analysis process in general
>>>   - Work items: OpenStack project to target
>>>   - Time frame
>>>   - Team members
>>>   - Way of working
>>> 
>>> See you in the next meeting.
>>> 
>>> Thanks,
>>> Shohel  
>>> 
>>> 
>>> 
>>> James Kempf wrote on Nov 7, 2013 at 2:18 AM:
>>> 
>>>> Hi Rob,
>>>> 
>>>> Shohel (cc-ed) from Ericsson will be driving this. He will be setting up a chat/teleconference sometime late next week to get started.
>>>> 
>>>> jak 
>>>> 
>>>>> -----Original Message-----
>>>>> From: Clark, Robert Graham [mailto:robert.clark at hp.com]
>>>>> Sent: Thursday, November 07, 2013 12:06 AM
>>>>> To: Sriram Subramanian; openstack-security at lists.openstack.org
>>>>> Subject: Re: [Openstack-security] OSSG Lunch Meeting Notes
>>>>> 
>>>>> Thanks for the great notes Sriram.
>>>>> 
>>>>> I've made the 'how to contribute' part of the wiki more prominent:
>>>>> https://wiki.openstack.org/wiki/Security/How_To_Contribute
>>>>> 
>>>>> To clarify, when we have the ball rolling on Threat Modelling for major
>>>>> projects, I can commit some security-architect resources to take part in
>>>>> the discussions.
>>>>> 
>>>>> Cheers
>>>>> -Rob
>>>>> 
>>>>> 
>>>>> From: Sriram Subramanian <sriram at sriramhere.com>
>>>>> Date: Tuesday, 5 November 2013 14:24
>>>>> To: "openstack-security at lists.openstack.org" <openstack-security at lists.openstack.org>
>>>>> Subject: [Openstack-security] OSSG Lunch Meeting Notes
>>>>> 
>>>>> Some of the items discussed, followed by Action Items:
>>>>> 
>>>>> 1) How can one get involved - Wiki will direct
>>>>> 2) Where to pick up security tasks from?
>>>>>   - wiki is the starting point
>>>>>   - people sign up via mailing list
>>>>> 
>>>>> 
>>>>> 3) threat analysis
>>>>>   - Static Analysis, Formal Verification on projects was proposed by
>>>>> James.
>>>>>   -
>>>>>   - static analysis on python is not very useful; whole projects will
>>>>> take a long time
>>>>>   -
>>>>> 4) Threat modeling -
>>>>>   -
>>>>> Action item (James Kempf) : share the results from Folsom for TM around
>>>>> Keystone
>>>>> 
>>>>>   -  Rob can get resources towards this
>>>>>   -  get started with core or knowledgeable people
>>>>>   -  Ideally, Security Reviews Per month per project. Review coordinator
>>>>> prepares the arch diagram before the review day
>>>>> 
>>>>> 5) security review - HP's review process; what it translates to for
>>>>> OpenStack?
>>>>> 
>>>>> 6) Attacker model
>>>>>  - single or many
>>>>>  -
>>>>> 7) Tracking the CVEs, publish in the format
>>>>> 
>>>>> - Action Item:  Daniel (Red Hat) to start discussion in the mailing list
>>>>> -  Format:
>>>>> 8)
>>>>> Getting the word out (wiki, how to contribute, what is going on)
>>>>>  - Minutes for the meet
>>>>>  - Community Manager
>>>>>  - Sprints:
>>>>>     - Running the sprint
>>>>> 
>>>>> Action Items:
>>>>> - Eric Windisch to Identify topic to set the sprint/ hackathon and time.
>>>>> 
>>>>> Thanks,
>>>>> -Sriram
>>>>> 
>>>>> _______________________________________________
>>>>> Openstack-security mailing list
>>>>> Openstack-security at lists.openstack.org
>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
>>> 
>> 
>> 
>> 
>> 
>> -- 
>> Thanks,
>> -Sriram
> 
> 
> 
> 
> -- 
> Thanks,
> -Sriram
