OpenBMC Learning Series - security

Patrick Williams patrick at stwcx.xyz
Sat Oct 10 06:51:21 AEDT 2020


On Fri, Oct 09, 2020 at 12:33:17PM -0500, Joseph Reynolds wrote:
> On 7/24/20 7:13 PM, Sai Dasari wrote:
> >
> > Team,
> >
> > Thanks to all volunteer speakers stepping up to share their expertise 
> > with community. For speaker convenience, the sessions will be held on 
> > two *TimeZones* (USA/PDT and INDIA/IST) on *Thursdays at 10AM* starting 
> > from 8/20 onwards.
> >
> > I encourage you to take a look at the shared doc @ 
> > https://docs.google.com/spreadsheets/d/1RRO5cgutKE7zRPcjcFjrNn-GI5AYoW0FivEZJe_EyWs/edit?usp=sharing 
> > for more information regarding this series. If you would like to see 
> > more topics (either as speakers or new community members), please feel 
> > free to add them for extending the topics in future sessions.
> >
> ...snip...
> 
> 
> Sai and the OpenBMC community,
> 
> Here is my big-picture idea to organize OpenBMC's security effort. I 
> hope this material will guide the project's overall security effort, 
> including the learning series.
> 
> I want to take this process one step at a time to help build consensus 
> for my approach.
> 
> My big idea is to apply the world's best publicly available security 
> schemes to the OpenBMC project.  Schemes like Microsoft Security 
> Engineering, IBM Secure Engineering, and the Common Criteria evaluation 
> have been developed over decades of experience and give us the most 
> complete guidance for the OpenBMC project and its users.  We should use 
> them.
> 
> Does this seem like the right approach?  See discussion in footnote 1.

Hi Joseph,

What I can't tell is if you're describing the current state of affairs
or where you'd like to go.  My impression is that these education
sessions should be more current state of affairs with only a taste of
the future.  The education sessions are for people who have little-to-no
experience with OpenBMC already in order to make them more productive
quickly.

-- 
Patrick Williams
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20201009/569614cc/attachment.sig>


More information about the openbmc mailing list