Reporting security issues
Please report any security issues you find in OpenDaylight to: email@example.com
Anyone can post to this list. The subscribers are only trusted individuals who will handle the resolution of any reported security issues in confidence. In your report, please note how you would like to be credited for discovering the issue and the details of any embargo you would like to impose.
The OpenDaylight vulnerability management process is documented here.
Security Response Team
At the December, 18th 2014 TSC meeting, the TSC approved the first security response team including:
- Chris Wright
- Robert Varga
- Ed Warnicke
- David Jorm
- Kurt Seifried
At the May 26th, 2016 TSC meeting, the TSC added:
- Ryan Goulding
At the May 18th, 2017 TSC meeting, the TSC added:
- Lori Jakab
This can be reached at the above private security mailing list.
The security advisories page lists all security vulnerabilities fixed in OpenDaylight.
An effort is currently underway to bootstrap a pro-active secure engineering effort, similar to OpenStack's OSSG. A presentation on the secure engineering vision for OpenDaylight is available here. If you are interested in assisting with this effort, please see the summer internship project proposal.