Jump to: navigation, search

Difference between revisions of "Security/How To Contribute"

(Writers / Editors)
Line 68: Line 68:
:* Webpage: http://docs.openstack.org/sec/
:* Webpage: http://docs.openstack.org/sec/
:* DocBook Source: https://github.com/openstack/security-doc/tree/master/security-guide
:* DocBook Source: https://github.com/openstack/security-doc/tree/master/security-guide
:* List of Enhancements / Bugs: https://bugs.launchpad.net/openstack/+bugs?field.tag=sec-guide
* Review / edit OSSNs
* Review / edit OSSNs
:* https://launchpad.net/ossn
:* https://launchpad.net/ossn

Revision as of 20:55, 20 February 2015

How To Contribute To The OpenStack Security Group (OSSG)

Initial Steps for Everyone

  1. Join the OSSG launchpad group: https://launchpad.net/~openstack-ossg
  2. Join the OpenStack Security mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
  3. Introduce yourself at the weekly OSSG meeting on IRC: https://wiki.openstack.org/wiki/Meetings/OpenStackSecurity
  4. Read the sections below for specific ways that someone with your skills can help improve the security of OpenStack.

Developers, New to OpenStack

  • Identify open bugs that you can work on to learn a project (we recommend starting with just one project before branching out too much)
  • Review code to learn a project and find security issues (we recommend starting with just one project before branching out too much)

Developers, Experienced with OpenStack

  • Security leadership on specific OpenStack project
  • OSSG needs people with both a strong security background and a strong OpenStack background to work as core developers on projects. These people would help serve as the link between OSSG and the OpenStack project by:
  • Identifying areas where the code should be improved
  • Writing blueprints for security features related to that project
  • Ensuring relevant reviews are marked with SecurityImpact tags
  • Leveraging OSSG members to help solve security problems
  • Become a trusted security resource among the core developers
  • This is a position that one grows into by demonstrating good work over time. This is not something where you are simply appointed. If you are interested, OSSG can help get you started.
  • Identify security-relevant code reviews and tag as SecurityImpact
  • Review code reviews tagged as SecurityImpact
  • Review blueprints
  • Write security-relevant blueprints

Security Architects

  • Review / edit / add to the OpenStack Security Guide
  • Review / edit / create OSSNs
  • Review blueprints (see links in developer section above)
  • Write security-relevant blueprints

Writers / Editors

  • Review / edit the OpenStack Security Guide
  • Review / edit OSSNs

QA / Automation / Software Development Engineer in Test (SDET)

  • Add security testing to current test suites
  • Add security tests to OS projects
  • Learn to identify and file Security Bugs
  • Identify open bugs and/or report security bugs that you can work on to learn a project (we recommend starting with just one project before branching out too much)

Other Tasks

  • Create / update common OSSG presentation slides