====== OPNFV Security Vulnerability Management (OSVM) ======

===== Work Item Team =====

 * [[lhinds@redhat.com|Luke Hinds (Red Hat)]]

===== Overview of OSVM =====

The OSVM process is the manage and coordinate the progressive disclosure and management of vulnerabilities reported or discovered within the opnfv-eco system and upstream projects.

The process inherits from the already present and well functioning OSSG VMT Process and follows the [[http://en.wikipedia.org/wiki/Responsible_disclosure|Responsible Disclosure Approach]]

===== Draft OSVM Embargoed Vulnerability Mgmt Process ===== 

{{ :security:osvm.png?nolink |}}

Inputs into etherpad please! https://etherpad.opnfv.org/p/opnfv-sec-osvm

The opnfv osvm process is licensed under CC Attribution 3.0 Unported and was kindly granted use by the OpenStack vulnerability Management Team. New additions / refinements made by the opnfv security group are also under a 3.0 Unported license.