during the security midcycle meetup we had a session about creating
threat analysis for openstack projects. the folks at HPE were kind
enough to offer their documentation and examples as an aid to creating
after talking with the sahara team, i am confident that we can create an
example threat analysis for our installers and operators to use as a
reference in their deployments.
my goal in this is not to create a roadmap of current vulnerabilities
within sahara, but to produce a working document that can be used as a
guide for any users wishing to secure their sahara installations. i
think there is value in creating these type of guides for all openstack
projects, and i'm hopeful that the sahara team could take the lead in
i'm reaching out in this email to help renew interest in the threat
analysis work, and to possibly collate the material that is available
and help define some spaces online where we might coordinate these efforts.
OpenStack Development Mailing List (not for usage questions)