Reporting Potential Vulnerabilities in Apache CloudStack

...

The PMC has decided to create a "Security Team" for CloudStack.  The Security Team's charter is to manage the response to vulnerabilities reported with Apache CloudStack.  This includes communication with the report, issue verification, issue correction, public communication creation, and vendor coordination.  The Security Team may ask assistance from other community members to help verify or correct a reported issue.

Members of the PMC are eligible to join the security team, but lurking is discouraged.

Community members engaged by the Security Team are expected to hold the issue in confidence until public announcement of the vulnerability.  This protects the users of the software and gives reasonable time for the response process to be implemented.  Further information can be found on the ASF's How it Works page.To read more about team membership and activities, please visit CloudStack Security Team

Scope of ACS Vulnerability Responses

...