Gerrit review 28207 - Help define OpenBMC's security objectives

Joseph Reynolds jrey at
Tue Jan 7 07:10:38 AEDT 2020

I meant to copy the OpenBMC email list.

On 1/6/20 11:59 AM, Joseph Reynolds wrote:
> OpenBMC TSC members and information security leads,
> A new OpenBMC document identifies information security programs which 
> might be directed at OpenBMC.  These are the highest-level programs 
> such as national standards, industry best practices, and public-facing 
> company-specific practices.  The idea is to document OpenBMC's 
> security objectives and provide references to appropriate actionable 
> advice needed for development work.  As the OpenBMC project reaches 
> out for security standards to follow, and various agencies promote 
> their requirements, we can document our efforts here.  Details are in 
> the document.
> The document is a first draft.  I would be happy to add and remove 
> material so it can be merged into the project.  I think this should be 
> merged before attempting to expand on any of the topics.  This topic 
> is on the agenda for this Wednesday's OpenBMC Security Working Group 
> meeting.
> Please pass this on to your security leads to help define OpenBMC's 
> security objectives.
> - Joseph
> The document is available in gerrit review 28207 here:
> OpenBMC Security Working Group wiki is here:

More information about the openbmc mailing list