RE: [security-sig] Ask base recommendation for handling vulnerability which affects both OpenStack code and vendor code