Jump to: navigation, search


Reporting security issues

Please report any security issues you find in OpenDaylight to: security@lists.opendaylight.org

Anyone can post to this list. The subscribers are only trusted individuals who will handle the resolution of any reported security issues in confidence. In your report, please note how you would like to be credited for discovering the issue and the details of any embargo you would like to impose.

The OpenDaylight vulnerability management process is documented here.

Security Response Team

At the December, 18th 2014 TSC meeting, the TSC approved the first security response team including:

  • Chris Wright
  • Robert Varga
  • Ed Warnicke
  • David Jorm
  • Kurt Seifried

At the May 26th, 2016 TSC meeting, the TSC added:

  • Ryan Goulding

At the May 18th, 2017 TSC meeting, the TSC added:

  • Lori Jakab

This can be reached at the above private security mailing list.

Security advisories

The security advisories page lists all security vulnerabilities fixed in OpenDaylight.

Secure engineering

An effort is currently underway to bootstrap a pro-active secure engineering effort, similar to OpenStack's OSSG. A presentation on the secure engineering vision for OpenDaylight is available here. If you are interested in assisting with this effort, please see the summer internship project proposal.

Other Documents