Security/Projects

Introduction

This page tracks the ongoing security efforts within the OpenStack community. Most of the work here is being performed by members of the OpenStack Security Group (OSSG). There are many ways that you can get involved:

  1. Contact one of the project leads listed below to help with a specific project.
  2. Learn about other ways to contribute.
  3. Attend the weekly OSSG IRC meetings to learn more.

OpenStack Security Guide

This is the book that was originally created in a book sprint in June 2013. Ongoing work to maintain and improve the book is being led by the following group:

  1. Ben de Bont
  2. David Mortman
  3. Sriram Subramanian

Cross Project Security Guidelines

A cross-project set of security guidelines for OpenStack development should be established and followed, similar to the way that coding standards are handled. More details are available on the Security Guidelines wiki page.

This project is being worked on by the following people:

Bandit Source Code Analyzer

Bandit is a Python AST-based static analyzer from the OpenStack Security Group. More details are available on the Bandit wiki page.

Core project team:

  • Jamie Finnigan (chair6)
  • Travis McPeak (tmcpeak)
  • Nathan Kinder (nkinder)
  • Tim Kelsey (tkelsey)

Anchor

Anchor is an ephemeral PKI system built to enable cryptographic trust in OpenStack services without relying on the broken provisioning and revocation mechanisms that undermine most PKI deployments. More information can be found on the Anchor wiki page.

Core project team:

  • Robert Clark (hyakuhei)
  • Tim Kelsey (tkelsey)
  • Doug Chivers (dg)