
Contributing to the OpenStack Security Group

The OpenStack Security Group (OSSG) is the primary driving force for security throughout the OpenStack community today. This talk introduces OSSG by telling the story of how the group formed and grew over the past two years. After a brief history, we explore the primary areas the group is working in today, including threat analysis, the OpenStack Security Notes, and a book on OpenStack security. Come to learn about the security work happening in this community, and to see how you can contribute.

Bryan Payne

August 27, 2014

Transcript

  1. © 2014 Nebula, Inc. All rights reserved.
    (cloud) Computing for the Enterprise
    Contributing to the
    OpenStack Security Group
    Bryan D. Payne
    August 27, 2014

  2. OSSG Overview
    •  Working to improve security in OpenStack
    –  Hardening, Deployment, Compliance, etc.
    •  Currently over 200 members
    •  Regular meetings and discussions
    –  Weekly IRC meetings (Thursdays at 1700 UTC)
    –  openstack-security mailing list

  3-5. Building the OpenStack Security Group
    Planning (Apr 2012)
    –  Key Players
    –  Vision
    –  Logistics
    –  Public Relations
    Bootstrapping (Oct 2012)
    –  IRC Meetings
    –  OSSNs
    –  Volume Encryption
    Growth (May 2013)
    –  Security Guide Book
    –  Threat Modeling
    –  Better Process
    –  Security Track
    –  Mid-Cycle Meetup
    –  Barbican

  6. Key Projects
    •  Primary focus
    •  Already providing value
    •  Individually led projects
    •  Good opportunity for new contributors
    •  Significant domain expertise
    OpenStack Security projects: Threat Analysis; OpenStack Security Guide; OpenStack Security Notes

  7. Best Practices
    •  Skeleton projects
    •  Bootstrapped
    •  Ready to provide value
    •  Maturity indicators
    •  Low bar to entry
    •  OSSG support
    •  Demonstrated need
    OpenStack Security projects: Cryptography Review; Developer Security Guidelines

  8. Stretch Goals
    •  Not really in scope
    •  Some easy wins
    •  Separately led projects
    •  Waiting on outside work
    •  Codify security guidelines
    •  Higher bar to entry
    •  Jenkins – job writing
    •  Infrastructure hooks
    •  Tempest – template / test
    OpenStack Security projects: Jenkins Enhancements; Static Analysis; Tempest Modules

  9. Putting It All Together
    OpenStack Security
    •  Threat Analysis
    •  OpenStack Security Guide
    •  OpenStack Security Notes
    •  Cryptography Review
    •  Developer Security Guidelines
    •  Jenkins Enhancements
    •  Static Analysis
    •  Tempest Modules

  10. GETTING INVOLVED

  11. OpenStack Projects – “The Glue”
    •  Improve available security
    •  Document best practices
    •  Simplify security compliance
    •  Work with builders, ops, users

  12. Ways to Participate
    OSSG
    •  Key Projects
    •  Best Practices
    •  IRC Meetings
    •  Code Reviews
    •  Mailing List
    •  Relationship Management

  13. Contact
    Email: [email protected]
    Twitter: @bdpsecurity