Jump to: navigation, search

Difference between revisions of "Security Teams"

(OpenStack Security Group (OSSG))
(Security SIG)
 
(4 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 +
OpenStack historically had two security organizations - the Vulnerability Management Team (VMT) and the OpenStack Security Group (OSSG).
 +
 +
These organizations have now combined under the [[Security|Security Project]]. The VMT continues to operate as a largely independent body for confidentially handling vulnerabilities but with stronger ties to the Security Project as a whole, which leads efforts to make OpenStack more secure through education, software tooling and security evangelism.
 +
 +
==Security SIG ==
 +
* [[Security-SIG|Security SIG wiki page]]
 +
* Security experts and auditors working on OpenStack security
 +
* Publishes OSSN (OpenStack Security Notes)
 +
* Advises on [[Security/OSSA-Metrics|Vulnerability Metrics]]
 +
 
== Vulnerability Management team (VMT) ==
 
== Vulnerability Management team (VMT) ==
 
* https://launchpad.net/~openstack-vuln-mgmt
 
* https://launchpad.net/~openstack-vuln-mgmt
 
* Handles incoming vulnerability reports, following [[VulnerabilityManagement]]
 
* Handles incoming vulnerability reports, following [[VulnerabilityManagement]]
 
* Publishes OSSA (OpenStack Security Advisories)
 
* Publishes OSSA (OpenStack Security Advisories)
 
== OpenStack Security Group (OSSG) ==
 
* https://launchpad.net/~openstack-ossg
 
* [[Security/Projects|Security projects wiki page]]
 
* http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
 
* Security experts and auditors working on OpenStack security
 
* Publishes OSSN (OpenStack Security Notes)
 
* Advises on [[Security/OSSA-Metrics|Vulnerability Metrics]]
 

Latest revision as of 20:07, 14 April 2025

OpenStack historically had two security organizations - the Vulnerability Management Team (VMT) and the OpenStack Security Group (OSSG).

These organizations have now combined under the Security Project. The VMT continues to operate as a largely independent body for confidentially handling vulnerabilities but with stronger ties to the Security Project as a whole, which leads efforts to make OpenStack more secure through education, software tooling and security evangelism.

Security SIG

Vulnerability Management team (VMT)