Reporting security issues
Please report any security issues you find in OpenDaylight to: firstname.lastname@example.org
Anyone can post to this list. The subscribers are only trusted individuals who will handle the resolution of any reported security issues in confidence. In your report, please note how you would like to be credited for discovering the issue and the details of any embargo you would like to impose.
The OpenDaylight vulnerability management process is documented here.
Security Response Team
At the December, 18th 2014 TSC meeting, the TSC approved the first security response team including:
- Chris Wright
- Robert Varga
- Ed Warnicke
- David Jorm
- Kurt Seifried
- Ryan Goulding
This can be reached at the above private security mailing list.
The security advisories page lists all security vulnerabilities fixed in OpenDaylight.
An effort is currently underway to bootstrap a pro-active secure engineering effort, similar to OpenStack's OSSG. A presentation on the secure engineering vision for OpenDaylight is available here. If you are interested in assisting with this effort, please see the summer internship project proposal.