Hi all, Although for a long time now, in practice, we've been using the Vulnerability Management team (VMT) process to triage, embargo, and resolve Ironic security bugs, we've now done the legwork needed to be officially managed by the VMT. The following Ironic projects are now VMT-managed[0]: - ironic - ironic-inspector - ironic-python-agent - ironic-lib - networking-baremetal - networking-generic-switch - python-ironicclient - python-ironic-inspector-client - sushy As per VMT policy[1]. the launchpad bug trackers for these projects have been updated to only allow access by the VMT to initial private-security bug reports. If there are any questions, please just ask! Thanks, Jay Faulkner 0: https://opendev.org/openstack/ossa/commit/b68aaa0652ec83b1349dddcdc334b75722... 1: https://security.openstack.org/repos-overseen.html#requirements (number 4)