3f54688614
Change-Id: I141c800cdaeb82e303f8c7983cb5ca28b68e68bc
Well it's that time again, I'd like to throw my hat in the ring once
again and nominate myself for the role of Security PTL.

During this shortened cycle we've continued to drive various projects:

* Issue OpenStack Security Notes and provide some degree
* Support for teams who are not yet Vulnerability Managed
* Bandit to provide Python Static Analysis
* Syntribos for OpenStack project fuzzing
* Maintaining and updating the security guide
* Receiving the CII best practice award

For my part, this year has been more about managing the project,
maintaining our momentum and working with the team to behave more like
a typical OpenStack project, a goal I set out on the security blog[1]
and something I think we are well on the way to achieving.

My intention for the next release is to complete the scorecard outlined
in the security blog[1] and to bring in more OSSN authors. Security
notes are becoming increasingly important as vulnerabilities are found
in projects that are not supported by the VMT. During this cycle we have
seen a steep rise in embargoed notes, the work for which is not
reflected in our public gerrit but is extremely important.

I'd like to extend my thanks to all those in the security project who
dedicated time and effort to our many activities. We are not a big
OpenStack project and most of our members are donating their time,
outside of their employment, so thank you all for your contributions.

Cheers
-Rob

[1] http://openstack-security.github.io/organization/2016/09/22/maturing-the-security-project.html