Difference between revisions of "Security/Threat Analysis"
< Security
(Created page with "== OpenStack Threat Anlaysis == This proposal is to start a threat analysis evaluation of the OpenStack system components. A threat analysis takes a comprehensive look at the ...") |
(→OpenStack Threat Anlaysis) |
||
Line 1: | Line 1: | ||
== OpenStack Threat Anlaysis == | == OpenStack Threat Anlaysis == | ||
This proposal is to start a threat analysis evaluation of the OpenStack system components. A threat analysis takes a comprehensive look at the system at hand – components, protocols and code - against the existence and capability of an adversary looking for known vulnerabilities. When a threat is identified, it is tallied and reported to the development team. In some cases, the threat analysis team may also include a suggestion to fix the vulnerabilities and related threat. | This proposal is to start a threat analysis evaluation of the OpenStack system components. A threat analysis takes a comprehensive look at the system at hand – components, protocols and code - against the existence and capability of an adversary looking for known vulnerabilities. When a threat is identified, it is tallied and reported to the development team. In some cases, the threat analysis team may also include a suggestion to fix the vulnerabilities and related threat. | ||
+ | |||
+ | === Threat Analysis Steps === | ||
+ | <gallery> | ||
+ | File:Modeling_steps.png| Threat Analysis Steps | ||
+ | </gallery> |
Revision as of 13:07, 13 November 2013
OpenStack Threat Anlaysis
This proposal is to start a threat analysis evaluation of the OpenStack system components. A threat analysis takes a comprehensive look at the system at hand – components, protocols and code - against the existence and capability of an adversary looking for known vulnerabilities. When a threat is identified, it is tallied and reported to the development team. In some cases, the threat analysis team may also include a suggestion to fix the vulnerabilities and related threat.