[OpenDaylight TSC] forming the security response team

Colin Dixon colin at colindixon.com
Wed Dec 17 23:17:19 UTC 2014

As of right now, the current (grandfathered in) security response team is:
* Chris Wright
* Ed Warnicke
* Robert Varga
* Ryan Moats

The following people are also subscribed to the security@ mailing list, but
for what I view as organizational reasons, and are not formally part of the
security team.
* Colin Dixon
* Neela Jaques
* Phil Robb

I'd like to formally vote on the initial members of the security response team
tomorrow if at all possible.

Please note that I see the security response team as a pretty significant
responsibility that's likely to produce intense, time-critical work at
effectively random times with some regularity. So, please don't sign up or
stay on the list unless that's what you're signing up for.

That being said:
1.) Is anyone on the list who would like to be taken off?
2.) Is there anyone else that desperately wants to be on the list?
3.) Do we have somebody with a track record in the ODL community and deep
experience with the security community who would be willing to help?

It seems like working with David Jorm and Kurt Seifried—both of whom have
volunteered—makes sense, but I'd like to hear what the TSC thinks as well.

My personal take is that David Jorm was the person who finally brought the
issue to our attention, worked with us in good faith, and seems to have an
excellent reputation in open source security, and in particular Java.

Chris Wright can probably speak to Kurt more than I can, but it seems like
keeping him on the list to create CVEs (vulnerability identifiers) and
generally help with responsible disclosure would be a good move.
