Are you running OpenStack in production? Take the opportunity to provide anonymous feedback by taking the OpenStack User Survey before Friday, August 20, 2021.

OpenStack Earns Core Infrastructure Initiative Best Practices Badge for Security, Quality and Stability

security hero bkgd 2

New security white paper also published today; available at

AUSTIN, Texas // July 26, 2016 — The OpenStack® open source cloud software project has received the Core Infrastructure Initiative (CII) Best Practices Badge from The Linux Foundation. The CII, run by The Linux Foundation, is a multi-million dollar project to fund and support critical elements of the global information infrastructure.

In earning CII’s Best Practices Badge, OpenStack signals that it is committed to security-conscious development. The certification of OpenStack for the CII Project was spearheaded by the OpenStack Security Project team, including Travis McPeak who is also a senior security architect at IBM. Details of the specific tests passed can be found on the CII certification page for OpenStack.

“Open source is rapidly emerging as the preferred core software strategy for enterprises and service providers alike,” said McPeak. “These organizations seek third-party standards to measure adherence to best practices for security and stability. The CII Project has quickly grown to fill this critical need, and it’s a testament to the high quality of development among OpenStack contributors that we earned the CII Best Practices Badge so quickly.”

The CII Best Practices Badge arrives at the same time as a new OpenStack security brief. “Securing OpenStack Clouds” addresses questions surrounding security, compliance and privacy based on input from users and developers.

OpenStack security is a collaborative effort across thousands of developers who work together to ensure that OpenStack provides a robust, reliable and secure cloud for public, private and hybrid deployments. The OpenStack Security Project, and the Vulnerability Management Team within it, coordinates the work needed to identify, limit and resolve security issues and vulnerabilities across the OpenStack projects.

Determining the security of software is an industry-wide challenge for both proprietary and open source software. As the role of open source software has increased in supporting the world’s most critical infrastructure, it has become essential to both understand the best practices for security, quality and stability of this code and to be able to validate that criteria.

"OpenStack is rapidly becoming the cornerstone of public and private cloud deployments across the internet,” said Nicko van Someren, CTO, The Linux Foundation. “As more businesses and critical infrastructure rely on open source, it becomes increasingly important that projects like OpenStack take a security-first approach to its development process. We are delighted that such an important package has received the Best Practices Badge.”

Organizations interested in learning more about securing OpenStack clouds can join McPeak and other user and community experts at the OpenStack Summit in Barcelona. Visit for more information and to register.

About OpenStack
OpenStack® is the most widely deployed open source software for building clouds. In use globally at large and small enterprises, telecoms, service providers, and government/research organizations, OpenStack is a technology integration engine that supports the diverse ecosystem of cloud computing innovation. Current news and alerts signup at:


Media Contacts:
Robert Cathey
Cathey Communications for the OpenStack Foundation
m 865-386-6118
e [email protected]

Lauren Sell
OpenStack Foundation
e [email protected]