Barcelona, Spain
October 25-28, 2016

Event Details

Please note: All times listed below are in Central Time Zone

I Found a Security Bug: What Happens Next?

In this session we’ll introduce the OpenStack Common Vulnerabilities and Exposures (CVE) process to those who aren't familiar with OpenStack bug report.

We’ll demonstrate the OpenStack vulnerability management team's typical workflow for handling security vulnerability reports, and we’ll share practical tips and tricks based on previous CVE bugs. You’ll learn how to successfully report a security bug in OpenStack, how we triage security reports, and what happens when a security fix is released.

What can I expect to learn?

The attendees should expect to learn:

  • How to report a security bug,
  • How the VMT triages security reports,
  • The definition of an embargoed disclosure, and
  • What happens when a security fix is released.


Tuesday, October 25, 2:15pm-2:55pm (12:15pm - 12:55pm UTC)
Difficulty Level: Intermediate
Red Hat
OpenStack Vulnerability Management Team (VMT) member working at Red Hat. FULL PROFILE
Red Hat
Matthew is a Principal Software Engineer at Red Hat working on OpenShift on OpenStack. FULL PROFILE