[Openstack-security] Security Note (OSSN) Process
Nathan Kinder
nkinder at redhat.com
Mon Jan 13 16:24:41 UTC 2014
Hi,
I have started to put together a wiki page skeleton outlining the
process to follow when writing a new Security Note (OSSN). I think it's
far enough along to share. Any feedback and suggestions would be
appreciated! The new page is available here:
https://wiki.openstack.org/wiki/Security/Security_Note_Process
There are a few things that I think need to be added or clarified:
- Do we want to change the numbering scheme? We've discussed using
something similar to the OSSA numbering scheme (YYYY-XX). This would be
an improvement over what we currently use (Launchpad bug #).
- When is a CVE needed, and how is CVE filing handled? Should we
consult with the VMT team and let them make the determination?
Thanks,
-NGK
More information about the Openstack-security
mailing list