OpenStack historically had two security organizations - the Vulnerability Management Team (VMT) and the OpenStack Security Group (OSSG).
These organizations have now combined under the Security Project. The VMT continues to operate as a largely independent body for confidentially handling vulnerabilities but with stronger ties to the Security Project as a whole, which leads efforts to make OpenStack more secure through education, software tooling and security evangelism.
- Security Project wiki page
- Security experts and auditors working on OpenStack security
- Publishes OSSN (OpenStack Security Notes)
- Advises on Vulnerability Metrics