The PMC has decided to create a "Security Team" for CloudStack. The Security Team's charter is to manage the response to vulnerabilities reported with Apache CloudStack. This includes private communication with the reporter, issue verification, issue correction, public communication around vulnerabilities, and vendor coordination. The Security Team may ask assistance from other community members to help verify or correct a reported issue.
Membership
Due to the sensitive nature of the content, the ACS Security Team is made up of mostly PMC members. Any communication on the mailing list is also sent to the general Apache security mailing list.
Members of the PMC are eligible to join the security team, but lurking is discouraged.
ACS committers with an information security background who wish to work with the security team on an ongoing basis should send an email to the PMC for membership consideration.
Community members engaged by the Security Team are expected to hold the issue in confidence until public announcement of the vulnerability. This protects the users of the software and gives reasonable time for the response process to be implemented. Further information can be found on the ASF's How it Works page.
Overview
Content Tools
Apps