security-doc/security-threat-analysis/source/templates/review-notes.rst
Doug Chivers 9722f9a9e6 Added templates for security review notes and findings
Added templates to be used during security review.

Change-Id: I25a84396fe2c8ec0fe8ba32b039295383997aa67
2016-08-09 14:51:16 +01:00

1009 B

Security review notes template

<Project name> security review notes - <version/release>

Status: Draft/Completed

Release: Juno/Kilo/Liberty/Newton

Version: 0.01 if applicable

Review Date: mm/dd/yyyy

Review Body: <OpenStack Security Project/Name of Third Party Organisation >

Contacts:

  • PTL: name - irc handle
  • Architect: name - irc handle
  • Security Reviewer: name - irc handle

Reviewers:

  • <Project>: <reviewer names/handles>
  • <Security Review Body>: <reviewer names/handles>
  • OpenStack Security Project: <reviewer names/handles> (only applicable for third party reviews)

Review

Abuse cases

  • <abuse case>
  • <abuse case>

Architectural diagram walkthrough

  • notes

Sequence/DFD diagram walkthrough

  • notes

Actions

  1. action 1
  2. action 2