Security is a fundamental goal of the OpenStack architecture and needs to be addressed at all layers of the stack. Like any complex, evolving system security has to be vigilantly pursued, and exposures eliminated. We need your help.
If you think you've identified a vulnerability, please work with us to rectify and disclose the issue responsibly.
We provide two ways to report issues to the OpenStack Vulnerability Management Team depending on how sensitive the issue is:
||email@example.com||GPG Key For Jeremy Stanley|
|Tristan Cacquerayfirstname.lastname@example.org||GPG Key For Tristan Cacqueray|
|Thierry Carrezemail@example.com||GPG Key For Thierry Carrez|
|Grant Murphyfirstname.lastname@example.org||GPG Key For Grant Murphy|
The OpenStack Vulnerability Management team is a very small group of experts in vulnerability management drawn from the OpenStack community. Our job is facilitating the reporting of vulnerabilities, coordinating security fixes and handling progressive disclosure of the vulnerability information. Specifically, we are responsible for the following functions:
Other teams of security-conscious people in the OpenStack community work together to improve security in OpenStack, in particular working on:
You can find the full list of security-oriented teams you can join at http://wiki.openstack.org/SecurityTeams.