Difference between revisions of "Security/Threat Analysis"
< Security
(Created page with "== OpenStack Threat Anlaysis == This proposal is to start a threat analysis evaluation of the OpenStack system components. A threat analysis takes a comprehensive look at the ...") |
(→OpenStack Threat Anlaysis) |
||
| Line 1: | Line 1: | ||
== OpenStack Threat Anlaysis == | == OpenStack Threat Anlaysis == | ||
This proposal is to start a threat analysis evaluation of the OpenStack system components. A threat analysis takes a comprehensive look at the system at hand – components, protocols and code - against the existence and capability of an adversary looking for known vulnerabilities. When a threat is identified, it is tallied and reported to the development team. In some cases, the threat analysis team may also include a suggestion to fix the vulnerabilities and related threat. | This proposal is to start a threat analysis evaluation of the OpenStack system components. A threat analysis takes a comprehensive look at the system at hand – components, protocols and code - against the existence and capability of an adversary looking for known vulnerabilities. When a threat is identified, it is tallied and reported to the development team. In some cases, the threat analysis team may also include a suggestion to fix the vulnerabilities and related threat. | ||
| + | |||
| + | === Threat Analysis Steps === | ||
| + | <gallery> | ||
| + | File:Modeling_steps.png| Threat Analysis Steps | ||
| + | </gallery> | ||
Revision as of 13:07, 13 November 2013
OpenStack Threat Anlaysis
This proposal is to start a threat analysis evaluation of the OpenStack system components. A threat analysis takes a comprehensive look at the system at hand – components, protocols and code - against the existence and capability of an adversary looking for known vulnerabilities. When a threat is identified, it is tallied and reported to the development team. In some cases, the threat analysis team may also include a suggestion to fix the vulnerabilities and related threat.