Thursday, May 21 • 1:30pm - 2:10pm
Securing the OpenStack code base with Bandit


Security consistently ranks as the #1 concern when talking with decision makers about cloud adoption.  According to a recent count, OpenStack has 1.6 million lines of Python code.  The success of OpenStack is closely tied to the security of the OpenStack code base. 

Bandit is a Python AST-based code security analyzer from the OpenStack Security Group, designed to pinpoint security issues within Python code bases.  Bandit helps sift through large volumes of code efficiently, rapidly identifying potential flaws - for example, unsafe function calls or the usage of outdated/unsafe libraries.  Bandit also makes it easy to extend capabilities to scan for additional vulnerabilities. 
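To illustrate what AST-based scanning for unsafe function calls means, here is a minimal added example (not Bandit's code and not taken from the talk): it parses source with Python's `ast` module, resolves import aliases, and flags calls listed in a small constructed rule table. The names `CallScanner`, `UNSAFE_CALLS`, `scan` and the sample source are assumptions made for this illustration.

```python
import ast
# Constructed rule table for this example; these are not Bandit's own tests.
UNSAFE_CALLS = {
    "pickle.loads": "deserializing untrusted data can run arbitrary code",
    "os.system": "command string is interpreted by a shell",
}

class CallScanner(ast.NodeVisitor):
    def __init__(self):
        self.aliases = {}    # local name -> qualified name, filled from imports
        self.findings = []   # (line, qualified call name, reason)

    def visit_Import(self, node):
        for a in node.names:                      # import pickle as p
            root = a.name.split(".")[0]
            self.aliases[a.asname or root] = a.name if a.asname else root

    def visit_ImportFrom(self, node):
        for a in (node.names if node.module else []):   # from os import system as run
            self.aliases[a.asname or a.name] = f"{node.module}.{a.name}"

    def _qualname(self, func):
        parts = []
        while isinstance(func, ast.Attribute):    # walk a.b.c down to the base name
            parts.append(func.attr)
            func = func.value
        if not isinstance(func, ast.Name):
            return None                           # e.g. a call on another call's result
        parts.append(self.aliases.get(func.id, func.id))
        return ".".join(reversed(parts))

    def visit_Call(self, node):
        name = self._qualname(node.func)
        shell = any(kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                    and kw.value.value is True for kw in node.keywords)
        if name in UNSAFE_CALLS:
            self.findings.append((node.lineno, name, UNSAFE_CALLS[name]))
        elif name and name.startswith("subprocess.") and shell:
            self.findings.append((node.lineno, name, "shell=True hands the command to a shell"))
        self.generic_visit(node)

def scan(source):
    scanner = CallScanner()
    scanner.visit(ast.parse(source))
    return scanner.findings

# Constructed sample input (parsed only, never executed).
SAMPLE = ("import pickle as p\nimport subprocess\nfrom os import system as run\n"
          "state = p.loads(blob)\nrun('ping -c1 ' + host)\n"
          "subprocess.call('ls ' + host, shell=True)\nsubprocess.call(['ls', host])\n")
```

Because the check runs on the parsed tree, aliased calls are reported under their real names and text inside a string literal is not flagged, which a plain text search would get wrong in both directions.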

In this presentation, we’ll go over the design and implementation of Bandit.  We’ll discuss some security vulnerabilities that have been already identified, and how new tests can be contributed.  We’ll also discuss how OpenStack projects can start using Bandit immediately, as well as plans for integration into OpenStack gate tests for the automated security scanning of code submissions.


Jamie Finnigan

HP Cloud Security
Jamie Finnigan is a member of the Cloud Security team at HP, with responsibility for security of the HP Helion portfolio of OpenStack-based products and services.  Currently in a manager role with service and product-focused responsibilities around security operations, security architecture, and GRC, Jamie has previously gained significant experience with penetration testing, source code review, and security tool development / scripting while...

Tim Kelsey

HP Cloud Security
Tim Kelsey is a security engineer at HP Cloud with responsibilities across the Helion portfolio and an emphasis on OpenStack upstream work including ongoing contributions to Barbican, Kite, Anchor, and Bandit.  Tim is an experienced software and systems developer, with demonstrated ability to design and build secure solutions to difficult problems with requirements ranging from large networked systems to raw performance.  Tim has also delivered...

Thursday May 21, 2015 1:30pm - 2:10pm
Room 114/115
