As Apache CloudStack likely will play a critical role in an organization's infrastructure, we take information security seriously. Below you will find several pages which cover ACS security topics in more detail.
For general security-policy related questions that are not sensitive in nature, bring them up on the dev@cloudstack.apache.org mailing list.