Jump to: navigation, search


Reporting security issues

Please report any security issues you find in OpenDaylight to: security@lists.opendaylight.org

Anyone can post to this list. The subscribers are only trusted individuals who will handle the resolution of any reported security issues in confidence. In your report, please note how you would like to be credited for discovering the issue and the details of any embargo you would like to impose.

The OpenDaylight vulnerability management process is documented here.

Security Response Team

Current Members

  • Luke Hinds (Security Manager)
  • Robert Varga
  • Kurt Seifried
  • Ryan Goudling
  • Lori Jakab
  • Stephen Kitt

They can be reached at the above private security mailing list.

Audit Log of Changes

At the December, 18th 2014 TSC meeting, the TSC approved the first security response team including:

  • Chris Wright
  • Robert Varga
  • Ed Warnicke
  • David Jorm
  • Kurt Seifried

At the May 26th, 2016 TSC meeting, the TSC added:

  • Ryan Goulding

At the May 18th, 2017 TSC meeting, the TSC added:

  • Lori Jakab

At the July 6th, 2017 TSC meeting, the TSC added:

  • Stephen Kitt

Ed Warnicke asked to step down on June 29th 2017.

Chris Wright asked to step down on July 20th 2017.

Security advisories

The security advisories page lists all security vulnerabilities fixed in OpenDaylight.

Secure engineering

An effort is currently underway to bootstrap a pro-active secure engineering effort, similar to OpenStack's OSSG. A presentation on the secure engineering vision for OpenDaylight is available here. If you are interested in assisting with this effort, please see the summer internship project proposal.

Other Documents