In this talk we will explain how the OSSG is conducting formal Threat Analysis activities for major OpenStack components. We discuss our process: the tools, diagrams and methods in place. We will present some of the security issues that have been identified in our early analysis efforts and discuss how to get involved with the threat analysis efforts.
Our goal with Threat Analysis is to engage project core developers and provide an in depth security review of each major OpenStack component. More info about this work is available at
https://wiki.openstack.org/wiki/Security/Threat_Analysis