Security review findings template

<Project name> security review findings - version/release

Status: Draft/Completed

Release: Juno/Kilo/Liberty/Newton

Version: 0.01 if applicable

Review Date: mm/dd/yyyy

Review Body: <OpenStack Security Project/Name of Third Party Organisation>

Contacts:

  • PTL: name - IRC handle

  • Architect: name - IRC handle

  • Security Reviewer: name - IRC handle

  • OpenStack Security Project Reviewer: <name> (only applicable for third party security reviews)

1. Finding title

  • Risk: <Description of the Risk of this Finding>

  • Impact: <Description of the Impact of this risk>

  • Likelihood: <Low/Medium/High>

  • Impact: <Low/Medium/High>

  • Overall Risk Rating: <Low/Medium/High>

  • Bug: <link to Launchpad bug for this finding>

  • Recommendation: <Description of the recommended resolution for this finding>

  • Investigation Results: <Results of any investigation into this finding, such as discovering that this is a weakness in the core technology, finding that there is already a blueprint or patch to fix it, or determining that a bug should be opened for this>

2. Finding title

  • Risk: <Description of the Risk of this Finding>

  • Impact: <Description of the Impact of this risk>

  • Likelihood: <Low/Medium/High>

  • Impact: <Low/Medium/High>

  • Overall Risk Rating: <Low/Medium/High>

  • Bug: <link to Launchpad bug for this finding>

  • Recommendation: <Description of the recommended resolution for this finding>

  • Investigation Results: <Results of any investigation into this finding, such as discovering that this is a weakness in the core technology, finding that there is already a blueprint or patch to fix it, or determining that a bug should be opened for this>

3. Finding title

  • Risk: <Description of the Risk of this Finding>

  • Impact: <Description of the Impact of this risk>

  • Likelihood: <Low/Medium/High>

  • Impact: <Low/Medium/High>

  • Overall Risk Rating: <Low/Medium/High>

  • Bug: <link to Launchpad bug for this finding>

  • Recommendation: <Description of the recommended resolution for this finding>

  • Investigation Results: <Results of any investigation into this finding, such as discovering that this is a weakness in the core technology, finding that there is already a blueprint or patch to fix it, or determining that a bug should be opened for this>