On Tue, Jul 2, 2019 at 10:09 AM Heinz Stockinger <[email protected]> wrote:
> Hello Nick, > > Thank you. Do you know who is responsible for security at guacamole? > This list is the right place. It's an open source project, and there's no specific group or person responsible for security. The community is. > We might want to do such a review and might also have some changes to > suggest and/or could contribute to the code. > Two notes, here: - Any vulnerabilities should be disclosed responsibly ( https://en.wikipedia.org/wiki/Responsible_disclosure), and should be reported privately to the security list. See http://guacamole.apache.org/faq/#security - Code contributions for security improvements should follow the same process as any other code contribution - we welcome security improvements, but, unless it involves a vulnerability (see above), it isn't handled any differently than other contributions. See http://guacamole.apache.org/open-source/. -Nick >
