Security/How To Contribute

Initial Steps for Everyone

 * 1) Join the SIG launchpad group: https://launchpad.net/~openstack-ossg
 * 2) Join the OpenStack Security SIG mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-sigs
 * 3) Introduce yourself at the weekly Security SIG meeting on IRC: https://wiki.openstack.org/wiki/Meetings/OpenStackSecurity
 * 4) Read the sections below for specific ways that someone with your skills can help improve the security of OpenStack.

Developers, New to OpenStack

 * Set yourself up to contribute to OpenStack (see the “If you’re a developer” section): https://wiki.openstack.org/wiki/How_To_Contribute
 * Review code reviews tagged as SecurityImpact
   * Notifications come to the openstack-security mailing list
   * https://review.openstack.org/#/q/message:SecurityImpact+is:open,n,z
 * Identify open bugs that you can work on to learn a project (we recommend starting with just one project before branching out too much)
   * Compute (Nova): https://bugs.launchpad.net/nova
   * Object Storage (Swift): https://bugs.launchpad.net/swift/
   * Image Service (Glance): https://bugs.launchpad.net/glance
   * Identity (Keystone): https://bugs.launchpad.net/keystone
   * Dashboard (Horizon): https://bugs.launchpad.net/horizon
   * Networking (Neutron): https://bugs.launchpad.net/neutron
   * Block Storage (Cinder): https://bugs.launchpad.net/cinder
   * Common Code (Oslo): https://bugs.launchpad.net/oslo
 * Review code to learn a project and find security issues (we recommend starting with just one project before branching out too much)
   * Compute (Nova): https://github.com/openstack/nova
   * Object Storage (Swift): https://github.com/openstack/swift
   * Image Service (Glance): https://github.com/openstack/glance
   * Identity (Keystone): https://github.com/openstack/keystone
   * Dashboard (Horizon): https://github.com/openstack/horizon
   * Networking (Neutron): https://github.com/openstack/neutron
   * Block Storage (Cinder): https://github.com/openstack/cinder
   * Common Code (Oslo): https://github.com/openstack/oslo-incubator

Developers, Experienced with OpenStack

 * Security leadership on a specific OpenStack project
   * This role calls for SIG people with both a strong security background and a strong OpenStack background to work as core developers on projects. These people would help serve as the link between OSSG and the OpenStack project by:
     * Identifying areas where the code should be improved
     * Writing blueprints for security features related to that project
     * Ensuring relevant reviews are marked with SecurityImpact tags
     * Leveraging OSSG members to help solve security problems
   * Become a trusted security resource among the core developers
     * This is a position that one grows into by demonstrating good work over time. This is not something where you are simply appointed. If you are interested, OSSG can help get you started.
 * Identify security-relevant code reviews and tag them as SecurityImpact
 * Review code reviews tagged as SecurityImpact
   * Notifications come to the openstack-security mailing list
   * https://review.openstack.org/#/q/message:SecurityImpact+is:open,n,z
 * Review blueprints
   * Compute (Nova): https://blueprints.launchpad.net/nova
   * Object Storage (Swift): https://blueprints.launchpad.net/swift
   * Image Service (Glance): https://blueprints.launchpad.net/glance
   * Identity (Keystone): https://blueprints.launchpad.net/keystone
   * Dashboard (Horizon): https://blueprints.launchpad.net/horizon
   * Networking (Neutron): https://blueprints.launchpad.net/neutron
   * Block Storage (Cinder): https://blueprints.launchpad.net/cinder
   * Common Code (Oslo): https://blueprints.launchpad.net/oslo
 * Write security-relevant blueprints

Security Architects

 * Review / edit / add to the OpenStack Security Guide
   * Webpage: http://docs.openstack.org/sec/
   * DocBook Source: https://github.com/openstack/security-doc/tree/master/security-guide
 * Review / edit / create OSSNs
   * https://wiki.openstack.org/wiki/Security/Security_Note_Process
   * https://launchpad.net/ossn
 * Review blueprints (see links in developer section above)
 * Write security-relevant blueprints

Writers / Editors

 * Initial setup instructions can be found at the Documentation First Timer's How To page: https://wiki.openstack.org/wiki/Documentation/HowTo/FirstTimers
 * Once those steps are complete, you can help review / edit the OpenStack Security Guide
   * Webpage: http://docs.openstack.org/sec/
   * DocBook Source: https://github.com/openstack/security-doc/tree/master/security-guide
   * List of Enhancements / Bugs: https://bugs.launchpad.net/openstack/+bugs?field.tag=sec-guide
   * Open a new Enhancement / Bug: File a bug on https://bugs.launchpad.net/openstack-manuals/+filebug and tag it with "sec-guide". The option for tags is available under "Extra options".
 * Review / edit OSSNs
   * https://wiki.openstack.org/wiki/Security/Security_Note_Process
   * https://launchpad.net/ossn

QA / Automation / Software Development Engineer in Test (SDET)

 * Add security testing to current test suites
 * Add security tests to OS projects
 * Learn to identify and file Security Bugs
 * Identify open bugs and/or report security bugs that you can work on to learn a project (we recommend starting with just one project before branching out too much)
   * Compute (Nova): https://bugs.launchpad.net/nova
   * Object Storage (Swift): https://bugs.launchpad.net/swift/
   * Image Service (Glance): https://bugs.launchpad.net/glance
   * Identity (Keystone): https://bugs.launchpad.net/keystone
   * Dashboard (Horizon): https://bugs.launchpad.net/horizon
   * Networking (Neutron): https://bugs.launchpad.net/neutron
   * Block Storage (Cinder): https://bugs.launchpad.net/cinder
   * Common Code (Oslo): https://bugs.launchpad.net/oslo

Other Tasks

 * Create / update common OSSG presentation slides