The OpenStack Security Group (OSSG) and the OpenStack Vulnerability Management
Team (VMT) have historically operated as independent teams, each with a focus on
different aspects of OpenStack security. To present a more coherent security
posture we are pleased to announce that the OSSG and VMT will be joining forces.

It is our hope that this merging of teams will help present a stronger and more
mature security posture, both to the outside world and within OpenStack, and
will make it easier for developers to engage with the security resources they
need.

Moving forward, the OSSG and VMT combined will apply to become a recognized
project within OpenStack. We seek to mirror the successes of the documentation
team and will be applying to become known simply as 'Security'.

We are excited about the new opportunities this creates and are hopeful that it
gives OpenStack a clearer security message.

What is changing? 

Initially a huge work effort will be undertaken to restructure and rebrand
existing documentation which will eventually be hosted under a new subdomain of
openstack.org [1]. This will allow developers and consumers of OpenStack to
easily find security resources such as the OpenStack Security Advisories, the
Security Guide, Security Notes and Best Practices.

Does this change how I report security issues? 

No. The existing vulnerability management process [2] and team members will
remain the same. The VMT will maintain its independence and will continue to
operate with the same level of confidentiality as before. 

How can I get involved? 

The security group is always looking for enthusiastic new members; there's a
wiki article on how to get involved [3]. If you are interested, please come along
to the weekly IRC meeting, or just start contributing.

Asking the security group questions? 

Any general security questions that do not relate to a vulnerability within the
OpenStack code base should be sent to the openstack-dev@lists.openstack.org
address with [security] in the subject line.


1. https://security.openstack.org
2. https://wiki.openstack.org/wiki/Vulnerability_Management
3. https://wiki.openstack.org/wiki/Security/How_To_Contribute
