9722f9a9e6
Added templates to be used during security review. Change-Id: I25a84396fe2c8ec0fe8ba32b039295383997aa67
76 lines
2.5 KiB
ReStructuredText
=================================
Security review findings template
=================================

<Project name> security review findings - version/release
=========================================================

**Status**: Draft/Completed

**Release**: Juno/Kilo/Liberty/Newton

**Version**: 0.01 if applicable

**Review Date**: mm/dd/yyyy

**Review Body**: <OpenStack Security Project/Name of Third Party Organisation>

**Contacts**:

- PTL: name - irc handle

- Architect: name - irc handle

- Security Reviewer: name - irc handle

- OpenStack Security Project Reviewer: <name> (only applicable for third party
  security reviews)


1. Finding title
~~~~~~~~~~~~~~~~

- Risk: <Description of the Risk of this Finding>
- Impact: <Description of the Impact of this risk>
- Likelihood: <Low/Medium/High>
- Impact: <Low/Medium/High>
- Overall Risk Rating: <Low/Medium/High>
- Bug: <link to launchpad bug for this finding>
- Recommendation: <Description of the recommended resolution for this finding>
- Investigation Results: <Results of any investigation into this finding, such
  as investigating and discovering this is a weakness in the core technology,
  finding that there is already a blueprint or patch in to fix it, or that a bug
  should be opened for this>


2. Finding title
~~~~~~~~~~~~~~~~

- Risk: <Description of the Risk of this Finding>
- Impact: <Description of the Impact of this risk>
- Likelihood: <Low/Medium/High>
- Impact: <Low/Medium/High>
- Overall Risk Rating: <Low/Medium/High>
- Bug: <link to launchpad bug for this finding>
- Recommendation: <Description of the recommended resolution for this finding>
- Investigation Results: <Results of any investigation into this finding, such
  as investigating and discovering this is a weakness in the core technology,
  finding that there is already a blueprint or patch in to fix it, or that a bug
  should be opened for this>


3. Finding title
~~~~~~~~~~~~~~~~

- Risk: <Description of the Risk of this Finding>
- Impact: <Description of the Impact of this risk>
- Likelihood: <Low/Medium/High>
- Impact: <Low/Medium/High>
- Overall Risk Rating: <Low/Medium/High>
- Bug: <link to launchpad bug for this finding>
- Recommendation: <Description of the recommended resolution for this finding>
- Investigation Results: <Results of any investigation into this finding, such
  as investigating and discovering this is a weakness in the core technology,
  finding that there is already a blueprint or patch in to fix it, or that a bug
  should be opened for this>