Vulnerability Management Team

An autonomous subgroup of vulnerability management specialists within the security team makes up the OpenStack vulnerability management team (VMT). Their job is to facilitate the reporting of vulnerabilities, coordinate security fixes, and handle progressive disclosure of the vulnerability information. Specifically, they are responsible for the following functions:

  • Vulnerability Management: All vulnerabilities discovered by community members (or users) can be reported to the Team.

  • Vulnerability Tracking: The Team will curate a set of vulnerability-related issues in the issue tracker. Some of these issues will be private to the Team and the affected product leads, but once remediated, all vulnerabilities will be public.

  • Coordinated Disclosure: As part of our commitment to work with the security community, the Team will ensure that proper credit is given to security researchers who report issues in OpenStack.

To directly reach members of the VMT, contact them at the following addresses (optionally encrypted for the indicated OpenPGP keys):

See Vulnerability Management Process for details on our open process.