
StarlingX/Security/Vulnerability Management

Revision as of 14:28, 26 October 2018 by Kenyis (talk | contribs) (Process)

Vulnerability Management Process

The StarlingX Vulnerability Management Team (VMT) is responsible for coordinating the progressive disclosure of a vulnerability.

Members of the team are independent, security-minded people who ensure that vulnerabilities are dealt with in a timely manner and that downstream stakeholders are notified in a coordinated and fair manner. Where a member of the team is employed by a downstream stakeholder, that member does not give their employer prior notice of any vulnerability. To limit exposure of vulnerability details during the embargo period, membership of this team is intentionally restricted to a small number of people.

Supported versions

The Vulnerability Management Team coordinates patches fixing vulnerabilities in the supported stable branches of StarlingX (corresponding to previous major releases), in addition to the master branch (the next version under development), for all security-supported projects.

Process

Each security bug is assigned a VMT coordinator (a member of the Vulnerability Management Team) who drives the fixing and disclosure process. Here are the steps we follow.

(Process diagram: https://security.openstack.org/images/vmt-process.png)