Core reviewers, Please review this document: https://github.com/openstack/governance/blob/master/reference/tags/vulnerability_managed.rst It describes how vulnerability management is handled at a high level for Kolla. When we are ready, I want the kolla delivery repos vulnerabilities to be managed by the VMT team. By doing this, we standardize with other OpenStack processes for handling security vulnerabilities. The first step is to form a kolla-coresec team, and create a separate kolla-coresec tracker. I have already created the tracker for kolla-coresec and the kolla-coresec team in launchpad: https://launchpad.net/~kolla-coresec https://launchpad.net/kolla-coresec I have a history of security expertise, and the PTL needs to be on the team as an escalation point as described in the VMT tagging document above. I also need 2-3 more volunteers to join the team. You can read the requirements of the job duties in the vulnerability:managed tag. If your interested in joining the VMT team, please respond on this thread. If there are more then 4 individuals interested in joining this team, I will form the team from the most active members based upon liberty + mitaka commits, reviews, and PDE spent. Regards -steve -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160301/70864415/attachment.html>