Vulnerability Management

Revision as of 13:25, 25 October 2011 by ThierryCarrez (talk)

Vulnerabilities are handled by the OpenStack vulnerability management team.

This team is responsible for coordinating the progressive disclosure of a vulnerability:

  1. Get the PTL and key core developers on board with the original reporter to develop a fix
  2. Warn public cloud providers and downstream distributions
  3. Coordinate public disclosure with all affected parties

Members of the team are independent, security-minded folks who will not give their employer prior notice ahead of other downstream users.