cloudstack-dev mailing list archives

From John Kinsella <...@stratosec.co>
Subject Reminder: potential security issues
Date Thu, 22 Jan 2015 01:52:50 GMT
Everyone - we’ve[1] noticed a commit recently that's related to improving the security of
CloudStack (I’m referring to the timing attack commit).

We love seeing folks have an interest in the security of CloudStack - the one request we make
is if your work improves the security of ACS or patches a potential security vulnerability,
shoot security@cloudstack.apache.org a quick
note before you commit, submit code for review, or submit a pull request. We’ll take a quick
peek and let you know if we’re OK with you continuing with your thing, or if we want to
treat it as a formal security issue and run through the process at [2]. I do watch the commits
and scan for a collection of keywords that could indicate issues, but would rather catch issues
before they’re public.

Thanks for all your efforts!

John
1: (The security@cloudstack.apache.org “we”)
2: https://cloudstack.apache.org/security.html

ps for the record, I’m not really worried about somebody leveraging a timing attack vulnerability
so not too concerned about this case.