Versions Compared

Old Version 2

changes.mady.by.user John Kinsella

Saved on

compared with

New Version Current

changes.mady.by.user John Kinsella

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Therefore, the process for non-committers with an interest or experience in information security would be that of any other contributor - participate in the community, submit patches, contact the security team with security issues (patches are always welcome, too!). As the PMC sees your contributions, you will be invited to become a committer, and can then request then petition the PMC to consider you for security team membership.

We realize this requires jumping through several hoops, but understand that our goal is to maintain a trustworthy group of people with an active, ongoing interest in Apache CloudStack (and the security of ACS), within the guidelines of an ASF project.

Pre-disclosure list

Well-established organizations with mature security processes for whom CloudStack is critical infrastructure may want to join the Security pre-disclosure list, which provides early notification of vulnerabilitites after discussion and remediation by the security team, before announcement to the general public.