Security Teams

OpenStack historically had two security organizations - the Vulnerability Management Team (VMT) and the OpenStack Security Group (OSSG).

These organizations have now combined under the Security Project. The VMT continues to operate as a largely independent body for confidentially handling vulnerabilities but with stronger ties to the Security Project as a whole, which leads efforts to make OpenStack more secure through education, software tooling and security evangelism.

Security Project

 * Security Project wiki page
 * https://launchpad.net/~openstack-ossg
 * http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
 * Security experts and auditors working on OpenStack security
 * Publishes OSSN (OpenStack Security Notes)
 * Advises on Vulnerability Metrics

Vulnerability Management team (VMT)

 * https://launchpad.net/~openstack-vuln-mgmt
 * Handles incoming vulnerability reports, following VulnerabilityManagement
 * Publishes OSSA (OpenStack Security Advisories)