security-doc/security-threat-analysis/source/templates/review-findings.rst
Doug Chivers 9722f9a9e6 Added templates for security review notes and findings
Added templates to be used during security review.

Change-Id: I25a84396fe2c8ec0fe8ba32b039295383997aa67
2016-08-09 14:51:16 +01:00

Security review findings template

<Project name> security review findings - version/release

Status: Draft/Completed

Release: Juno/Kilo/Liberty/Newton

Version: 0.01 if applicable

Review Date: mm/dd/yyyy

Review Body: <OpenStack Security Project/Name of Third Party Organisation>

Contacts:

  • PTL: name - irc handle
  • Architect: name - irc handle
  • Security Reviewer: name - irc handle
  • OpenStack Security Project Reviewer: <name> (only applicable for third party security reviews)

1. Finding title

  • Risk: <Description of the Risk of this Finding>
  • Impact: <Description of the Impact of this risk>
  • Likelihood: <Low/Medium/High>
  • Impact: <Low/Medium/High>
  • Overall Risk Rating: <Low/Medium/High>
  • Bug: <link to launchpad bug for this finding>
  • Recommendation: <Description of the recommended resolution for this finding>
  • Investigation Results: <Results of any investigation into this finding, such as discovering that this is a weakness in the core technology, finding that a blueprint or patch already exists to fix it, or determining that a bug should be opened for this>

2. Finding title

  • Risk: <Description of the Risk of this Finding>
  • Impact: <Description of the Impact of this risk>
  • Likelihood: <Low/Medium/High>
  • Impact: <Low/Medium/High>
  • Overall Risk Rating: <Low/Medium/High>
  • Bug: <link to launchpad bug for this finding>
  • Recommendation: <Description of the recommended resolution for this finding>
  • Investigation Results: <Results of any investigation into this finding, such as discovering that this is a weakness in the core technology, finding that a blueprint or patch already exists to fix it, or determining that a bug should be opened for this>

3. Finding title

  • Risk: <Description of the Risk of this Finding>
  • Impact: <Description of the Impact of this risk>
  • Likelihood: <Low/Medium/High>
  • Impact: <Low/Medium/High>
  • Overall Risk Rating: <Low/Medium/High>
  • Bug: <link to launchpad bug for this finding>
  • Recommendation: <Description of the recommended resolution for this finding>
  • Investigation Results: <Results of any investigation into this finding, such as discovering that this is a weakness in the core technology, finding that a blueprint or patch already exists to fix it, or determining that a bug should be opened for this>