Vulnerability Management Team — OpenStack Security Advisories 0.0.1.dev286 documentation

<!DOCTYPE html> <html lang="en" data-content_root="./"> <head> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" /> <title>Vulnerability Management Team — OpenStack Security Advisories 0.0.1.dev286 documentation</title> <link rel="stylesheet" type="text/css" href="_static/pygments.css?v=639405c8" /> <link rel="stylesheet" type="text/css" href="_static/basic.css?v=fb9458d3" /> <script src="_static/documentation_options.js?v=84aa02c6"></script> <script src="_static/doctools.js?v=9a2dae69"></script> <script src="_static/sphinx_highlight.js?v=dc90522c"></script> <link rel="search" title="Search" href="search.html" /> <link rel="next" title="Vulnerability Management Process" href="vmt-process.html" /> <link rel="prev" title="Repositories Overseen" href="repos-overseen.html" /> <meta name="viewport" content="width=device-width, initial-scale=1">  <link href="_static/css/bootstrap.min.css" rel="stylesheet">  <link href="_static/css/font-awesome.min.css" rel="stylesheet">  <link href="_static/css/combined.css" rel="stylesheet">  <link href="_static/css/search.css" rel="stylesheet">  <link href="_static/pygments.css" rel="stylesheet">     <script> (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); ga('create', 'UA-17511903-1', 'auto'); ga('send', 'pageview'); </script>  </head><body>  <script> (function (window, document) { var loader = function () { var script = document.createElement("script"), tag = document.getElementsByTagName("script")[0]; script.src = "https://search.openstack.org/widget/embed.min.js?t="+Date.now(); tag.parentNode.insertBefore(script, tag); }; window.addEventListener ? window.addEventListener("load", loader, false) : window.attachEvent("onload", loader); })(window, document); </script> <nav class="navbar navbar-default" role="navigation"> <div class="container">  <div class="navbar-header"> <button class="navbar-toggle" data-target="#bs-example-navbar-collapse-1" data-toggle="collapse" type="button"> <span class="sr-only">Toggle navigation</span> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <div class="brand-wrapper"> <a class="navbar-brand" href="https://www.openstack.org/"></a> </div> <div class="search-icon show"><i class="fa fa-search"></i> Search</div></div> <div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1"> <div class="search-container tiny"> <div class="openstack-search-bar" data-baseUrl="search.openstack.org" data-context="docs-openstack"></div> </div> <ul class="nav navbar-nav navbar-main show"> <li class="search-container-mobile"> <div class="openstack-search-bar" data-baseUrl="search.openstack.org" data-context="docs-openstack"></div> </li> <li>  <a href="https://www.openstack.org/software/" class="drop" id="dropdownMenuSoftware">Software <i class="fa fa-caret-down"></i></a> <ul class="dropdown-menu" role="menu" aria-labelledby="dropdownMenuSoftware"> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://www.openstack.org/software/">Overview</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://www.openstack.org/software/project-navigator/openstack-components">OpenStack Components</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://www.openstack.org/software/project-navigator/sdks">SDKs</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://www.openstack.org/software/project-navigator/deployment-tools">Deployment Tools</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://www.openstack.org/assets/software/projectmap/openstack-map.pdf" target="_blank">OpenStack Map</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://www.openstack.org/software/sample-configs/">Sample Configs</a></li> </ul> </li> <li>  <a href="https://www.openstack.org/use-cases/" class="drop" id="dropdownMenuUsers">Use Cases <i class="fa fa-caret-down"></i></a> <ul class="dropdown-menu" role="menu" aria-labelledby="dropdownMenuUsers"> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://www.openstack.org/use-cases/">Users in Production</a></li> <li role="presentation" class="divider"></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://www.openstack.org/use-cases/bare-metal/">Ironic Bare Metal</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://www.openstack.org/use-cases/edge-computing/">Edge Computing</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://www.openstack.org/use-cases/telecoms-and-nfv/">Telecom & NFV</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://www.openstack.org/use-cases/science/">Science and HPC</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://www.openstack.org/use-cases/containers/">Containers</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://www.openstack.org/use-cases/enterprise/">Enterprise</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://www.openstack.org/surveys/landing">User Survey</a></li> </ul> </li> <li>  <a href="https://openinfra.dev/summit" class="drop" id="dropdownMenuEvents">Events <i class="fa fa-caret-down"></i></a> <ul class="dropdown-menu" role="menu" aria-labelledby="dropdownMenuEvents"> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://openinfra.dev/summit">OpenInfra Summit</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://www.openstack.org/ptg/">Project Teams Gathering</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://www.openstack.org/events/opendev-2020/">OpenDev</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://www.openstack.org/events/community-events/">Community Events</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://www.openstack.org/events/openstackdays">OpenStack & OpenInfra Days</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://www.openstack.org/videos/">Summit Videos</a></li> </ul> </li> <li> <a href="https://www.openstack.org/community/" class="drop" id="dropdownMenuCommunity">Community <i class="fa fa-caret-down"></i></a> <ul class="dropdown-menu" role="menu" aria-labelledby="dropdownMenuCommunity"> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://www.openstack.org/community/">Welcome! Start Here</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://www.openstack.org/community/tech-committee">OpenStack Technical Committee</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://www.openstack.org/community/speakers/">Speakers Bureau</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="http://wiki.openstack.org">OpenStack Wiki</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://www.openstack.org/coa/">Get Certified (COA)</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://www.openstack.org/community/jobs/">Jobs</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://www.openstack.org/marketing/">Marketing Resources</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://www.openstack.org/news/">Community News</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="http://superuser.openstack.org">Superuser Magazine</a></li> <li role="presentation" class="divider"></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://www.openstack.org/community/supporting-organizations/">OpenInfra Foundation Supporting Organizations</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://openinfra.dev">OpenInfra Foundation</a></li> </ul> </li> <li> <a href="https://www.openstack.org/marketplace/" class="drop" id="dropdownMenuLearn">Marketplace <i class="fa fa-caret-down"></i></a> <ul class="dropdown-menu dropdown-hover" role="menu" aria-labelledby="dropdownMenuEvents"> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://www.openstack.org/marketplace/training/">Training</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://www.openstack.org/marketplace/distros/">Distros & Appliances</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://www.openstack.org/marketplace/public-clouds/">Public Clouds</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://www.openstack.org/marketplace/hosted-private-clouds/">Hosted Private Clouds</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://www.openstack.org/marketplace/remotely-managed-private-clouds/">Remotely Managed Private Clouds</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://www.openstack.org/marketplace/consulting/">Consulting & Integrators</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://www.openstack.org/marketplace/drivers/">Drivers</a></li> </ul> </li> <li> <a href="https://www.openstack.org/blog/">Blog</a> </li> <li> <a href="http://docs.openstack.org/">Docs</a> </li> <li class="join-nav-section">  <a href="https://openinfra.dev/join/" id="dropdownMenuJoin">Join <i class="fa fa-caret-down"></i></a> <ul class="dropdown-menu dropdown-hover" role="menu" aria-labelledby="dropdownMenuJoin" style="display: none;"> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://openinfra.dev/join/">Sign up for Foundation Membership</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://openinfra.dev/join/">Sponsor the Foundation</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://openinfra.dev">More about the Foundation</a></li> </ul> </li> <li>  <a href="https://www.openstack.org/Security/login/?BackURL=/home/" class="sign-in-btn">Log In</a> </li> </ul> </div> </div>  </nav> <div class="container docs-book-wrapper"> <div class="row"> <div class="col-lg-9 col-md-8 col-sm-8 col-lg-push-3 col-md-push-4 col-sm-push-4"> <div class="row docs-title"> <div class="col-lg-8"> <h1>Vulnerability Management Team</h1> </div> <div class="docs-actions"> <a href="repos-overseen.html"><i class="fa fa-angle-double-left" data-toggle="tooltip" data-placement="top" title="Previous: Repositories Overseen"></i></a> <a href="vmt-process.html"><i class="fa fa-angle-double-right" data-toggle="tooltip" data-placement="top" title="Next: Vulnerability Management Process"></i></a> <a id="logABugLink1" href="" target="_blank" title="Found an error? Report a bug against this page"><i class="fa fa-bug" data-toggle="tooltip" data-placement="top" title="Report a Bug"></i></a> </div> </div> <div class="row"> <div class="col-lg-12"> <div class="docs-body" role="main"> <section id="vulnerability-management-team"> <h1>Vulnerability Management Team<a class="headerlink" href="#vulnerability-management-team" title="Link to this heading">¶</a></h1> <p>An autonomous subgroup of vulnerability management specialists with in the security team make up the OpenStack vulnerability management team (VMT). Their job is facilitating the reporting of vulnerabilities, coordinating security fixes and handling progressive disclosure of the vulnerability information. Specifically, they are responsible for the following functions:</p> <ul class="simple"> <li><p>Vulnerability Management: All vulnerabilities discovered by community members (or users) can be reported to the Team.</p></li> <li><p>Vulnerability Tracking: The Team will curate a set of vulnerability related issues in the issue tracker. Some of these issues will be private to the Team and the affected product leads, but once remediated, all vulnerabilities will be public.</p></li> <li><p>Coordinated Disclosure: As part of our commitment to work with the security community, the Team will ensure that proper credit is given to security researchers who report issues in OpenStack.</p></li> </ul> <p>To directly reach members of the VMT, contact them at the following addresses (optionally encrypted for the indicated OpenPGP keys):</p> <ul class="simple"> <li><p>Jeremy Stanley <<a class="reference external" href="mailto:fungi%40yuggoth.org">fungi<span>@</span>yuggoth<span>.</span>org</a>>: <a class="reference external" href="_static/0x97ae496fc02dec9fc353b2e748f9961143495829.txt">key 0x97ae496fc02dec9fc353b2e748f9961143495829</a></p></li> <li><p>Matthew Thode <<a class="reference external" href="mailto:mthode%40mthode.org">mthode<span>@</span>mthode<span>.</span>org</a>>: <a class="reference external" href="_static/0x14b91caaf68c4849f90ca41333ed3fd25afc78ba.txt">key 0x14b91caaf68c4849f90ca41333ed3fd25afc78ba</a></p></li> <li><p>Jay Faulkner <<a class="reference external" href="mailto:jay%40jvf.cc">jay<span>@</span>jvf<span>.</span>cc</a>>: <a class="reference external" href="_static/0xbc5d589ac18b498b96a84fad6b75d939b424c6d4.txt">key 0xbc5d589ac18b498b96a84fad6b75d939b424c6d4</a></p></li> <li><p>Brian Rosmaita <<a class="reference external" href="mailto:rosmaita.fossdev%40gmail.com">rosmaita<span>.</span>fossdev<span>@</span>gmail<span>.</span>com</a>>: <a class="reference external" href="_static/0x5b47a3fdd66cabb249786653e834c62762d8856c.txt">key 0x5b47a3fdd66cabb249786653e834c62762d8856c</a></p></li> </ul> <p>See <a class="reference internal" href="vmt-process.html"><span class="doc">Vulnerability Management Process</span></a> for details on our open process.</p> </section> </div> </div> </div> <div class="docs-actions"> <a href="repos-overseen.html"><i class="fa fa-angle-double-left" data-toggle="tooltip" data-placement="top" title="Previous: Repositories Overseen"></i></a> <a href="vmt-process.html"><i class="fa fa-angle-double-right" data-toggle="tooltip" data-placement="top" title="Next: Vulnerability Management Process"></i></a> <a id="logABugLink3" href="" target="_blank" title="Found an error? Report a bug against this page"><i class="fa fa-bug" data-toggle="tooltip" data-placement="top" title="Report a Bug"></i></a> </div> <div class="row docs-byline bottom"> <div class="docs-updated">this page last updated: 2024-05-01 17:04:36</div> </div> <div class="row"> <div class="col-lg-8 col-md-8 col-sm-8 docs-license"> <a href="https://creativecommons.org/licenses/by/3.0/"> <img src="_static/images/docs/license.png" alt="Creative Commons Attribution 3.0 License"/> </a> <p> Except where otherwise noted, this document is licensed under <a href="https://creativecommons.org/licenses/by/3.0/">Creative Commons Attribution 3.0 License</a>. See all <a href="https://www.openstack.org/legal"> OpenStack Legal Documents</a>. </p> </div> <div class="col-lg-4 col-md-4 col-sm-4 docs-actions-wrapper">  <a href="#" id="logABugLink2" class="docs-footer-actions"><i class="fa fa-bug"></i> found an error? report a bug</a> </div> </div> </div> <div class="col-lg-3 col-md-4 col-sm-4 col-lg-pull-9 col-md-pull-8 col-sm-pull-8 docs-sidebar"> <div class="btn-group docs-sidebar-releases"> <button onclick="location.href='/'" class="btn docs-sidebar-home" data-toggle="tooltip" data-placement="top" title="OpenStack Docs Home"><i class="fa fa-arrow-circle-o-left"></i></button> <button type="button" data-toggle="dropdown" class="btn docs-sidebar-release-select">OpenStack Documentation<i class="fa fa-caret-down"></i></button> <ul class="dropdown-menu docs-sidebar-dropdown" role="menu"> <li role="presentation" class="dropdown-header">Guides</li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://docs.openstack.org/index.html#install-guides">Install Guides</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://docs.openstack.org/index.html#user-guides">User Guides</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://docs.openstack.org/index.html#configuration-guides">Configuration Guides</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://docs.openstack.org/index.html#ops-and-admin-guides">Operations and Administration Guides</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://docs.openstack.org/index.html#api-guides">API Guides</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://docs.openstack.org/index.html#contributor-guides">Contributor Guides</a></li> <li role="presentation" class="dropdown-header">Languages</li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://docs.openstack.org/de/">Deutsch (German)</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://docs.openstack.org/fr/">Français (French)</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://docs.openstack.org/id/">Bahasa Indonesia (Indonesian)</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://docs.openstack.org/it/">Italiano (Italian)</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://docs.openstack.org/ja/">日本語 (Japanese)</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://docs.openstack.org/ko_KR/">한국어 (Korean)</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://docs.openstack.org/pt_BR/">Português (Portuguese)</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://docs.openstack.org/tr_TR/">Türkçe (Türkiye)</a></li> <li role="presentation"><a role="menuitem" tabindex="-1" href="https://docs.openstack.org/zh_CN/">简体中文 (Simplified Chinese)</a></li> </ul> </div> <div class="docs-sidebar-toc"> </div> </div> </div> </div> <footer> <div class="container"> <div class="row footer-links"> <div class="col-lg-2 col-sm-2"> <h3>OpenStack</h3> <ul> <li><a href="https://www.openstack.org/software/project-navigator/">Projects</a></li> <li><a href="https://security.openstack.org/">OpenStack Security</a></li> <li><a href="https://openstack.org/blog/">Blog</a></li> <li><a href="https://openstack.org/news/">News</a></li> </ul> </div> <div class="col-lg-2 col-sm-2"> <h3>Community</h3> <ul> <li><a href="https://www.meetup.com/pro/openinfradev/">User Groups</a></li> <li><a href="https://openstack.org/community/events/">Events</a></li> <li><a href="https://openstack.org/community/jobs/">Jobs</a></li> <li><a href="https://openinfra.dev/members/">Companies</a></li> <li><a href="https://docs.openstack.org/contributors">Contribute</a></li> </ul> </div> <div class="col-lg-2 col-sm-2"> <h3>Documentation</h3> <ul> <li><a href="https://docs.openstack.org">OpenStack Manuals</a></li> <li><a href="https://openstack.org/software/start/">Getting Started</a></li> <li><a href="https://developer.openstack.org">API Documentation</a></li> <li><a href="https://wiki.openstack.org">Wiki</a></li> </ul> </div> <div class="col-lg-2 col-sm-2"> <h3>Branding & Legal</h3> <ul> <li><a href="https://openinfra.dev/legal">Legal Docs</a></li> <li><a href="https://openstack.org/brand/">Logos & Guidelines</a></li> <li><a href="https://openinfra.dev/legal/trademark-policy">Trademark Policy</a></li> <li><a href="https://openinfra.dev/privacy-policy">Privacy Policy</a></li> <li><a href="https://docs.openstack.org/contributors/common/setup-gerrit.html#individual-contributor-license-agreement">OpenInfra CLA</a></li> </ul> </div> <div class="col-lg-4 col-sm-4"> <h3>Stay In Touch</h3> <a href="https://twitter.com/OpenStack" target="_blank" class="social-icons footer-twitter"></a> <a href="https://www.facebook.com/openinfradev" target="_blank" class="social-icons footer-facebook"></a> <a href="https://www.linkedin.com/company/open-infrastructure-foundation" target="_blank" class="social-icons footer-linkedin"></a> <a href="https://www.youtube.com/user/OpenStackFoundation" target="_blank" class="social-icons footer-youtube"></a> <p class="fine-print"> The OpenStack project is provided under the <a href="https://www.apache.org/licenses/LICENSE-2.0">Apache 2.0 license</a>. Docs.openstack.org is powered by <a href="https://rackspace.com" target="_blank">Rackspace Cloud Computing</a>. </p> </div> </div> </div> </footer>  <script src="_static/js/jquery-3.2.1.min.js"></script>  <script src="_static/js/bootstrap.min.js"></script>  <script src="_static/js/navigation.js"></script>  <script src="_static/js/docs.js"></script>  <script> /* Build a description of this page including SHA, source location on git * repo, build time and the project's launchpad bug tag. Set the HREF of the * bug buttons */ var lineFeed = "%0A"; var gitURL = "Source: Can't derive source file URL"; /* there have been cases where "pagename" wasn't set; better check for it */ /* "giturl" is the URL of the source file on Git and is auto-generated by * openstackdocstheme. * * "pagename" is a standard sphinx parameter containing the name of * the source file, without extension. */ var sourceFile = "vmt" + ".rst"; gitURL = "Source: https://opendev.org/openstack/ossa/src/doc/source" + "/" + sourceFile; /* gitsha, project and bug_tag rely on variables in conf.py */ var gitSha = "SHA: 5b69c6e109ced7ab885f8b8c0478ea13211f2ff9"; var repositoryName = "openstack/ossa"; var bugProject = "ossa"; var bugTitle = "Vulnerability Management Team in OpenStack Security Advisories"; var fieldTags = ""; var useStoryboard = ""; /* "last_updated" is the build date and time. It relies on the conf.py variable "html_last_updated_fmt", which should include year/month/day as well as hours and minutes */ var buildstring = "Release: 0.0.1.dev286 on 2024-05-01 17:04:36"; var fieldComment = encodeURI(buildstring) + lineFeed + encodeURI(gitSha) + lineFeed + encodeURI(gitURL) ; logABug(bugTitle, bugProject, fieldComment, fieldTags, repositoryName, useStoryboard); </script> </body> </html>

CINXE.COM

Vulnerability Management Team — OpenStack Security Advisories 0.0.1.dev286 documentation