Vulnerability Management

Vulnerabilities are handled by the OpenStack vulnerability management team.

This team is responsible for coordinating the progressive disclosure of a vulnerability:

1. Getting PTL and key core developers on board with original reporter to develop a fix
2. Warn public cloud providers and downstream distributions
3. Coordinate public disclosure with all affected parties

Members of the team are independent and security-minded folks that will not give prior notice to their employer before other downstream users.