How to report security vulnerabilities to the Linux Foundation
The Linux Foundation | 12 November 2020
We at The Linux Foundation (LF) work to develop secure software in our foundations and projects, and we also work to secure the infrastructure we use. But we’re all human, and mistakes can happen.
So if you discover a security vulnerability in something we do, please tell us!
If you find a security vulnerability in software developed by one of our foundations or projects, please report it directly to that foundation or project. For example, Linux kernel security vulnerabilities should be reported to <security@kernel.org>, as described in the kernel's security-bugs documentation. If the foundation or project doesn't state how to report vulnerabilities, please ask them to do so. A common convention is a dedicated mailbox of the form <security@DOMAIN>.
If you find a security vulnerability in the Linux Foundation's own infrastructure (as opposed to a project's software), please report it to <security@linuxfoundation.org>, as noted on our contact page.
For example, security researcher Hanno Böck recently alerted us that some retired linuxfoundation.org service subdomains still had DNS records delegating them to cloud services we no longer used. Because such providers often let any customer claim a name that nobody currently holds, a stale record of this kind can let an attacker serve their own content under one of our subdomains (a subdomain takeover). Once alerted, the LF IT Ops team quickly worked to eliminate the problem and is also working on a way to monitor and alert on such problems in the future. We thank Hanno for the report!
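The monitoring the IT Ops team describes amounts to periodically walking your own DNS zone and flagging records that still point at something that no longer exists. The following is an added example of that check written for this post; it is not the Linux Foundation's tooling. It flags CNAME records whose target no longer resolves (ranking targets on well-known claimable cloud suffixes as high severity) and NS delegations that have gone lame (the delegated zone fails to resolve, as happens when a zone is deleted at a hosted DNS provider but the delegation is left behind). The provider suffix list, the record set, and the stub resolver answers are all constructed for the example; the resolver is injected so the same logic can be run against live DNS via the optional dnspython adapter at the bottom.

```python
"""Dangling-delegation check: added example, not Linux Foundation tooling."""
from typing import Callable, Dict, List, Tuple

# Constructed list of provider suffixes where an unclaimed name can frequently be
# registered by any customer (assumption for this example; maintain your own).
TAKEOVER_PRONE_SUFFIXES = (
    ".s3.amazonaws.com",
    ".cloudfront.net",
    ".azurewebsites.net",
    ".herokuapp.com",
    ".github.io",
)

Record = Tuple[str, str, str]          # (owner name, record type, target/value)
Resolver = Callable[[str, str], str]   # (name, qtype) -> "OK" | "NXDOMAIN" | "SERVFAIL"


def _normalize(name: str) -> str:
    """Strip the trailing dot and lowercase so comparisons are stable."""
    return name.rstrip(".").lower()


def find_dangling(records: List[Record], resolve: Resolver) -> List[Dict[str, str]]:
    """Return one finding per record that looks like a takeover candidate."""
    findings: List[Dict[str, str]] = []
    for owner, rtype, target in records:
        owner_n, target_n = _normalize(owner), _normalize(target)
        rtype = rtype.upper()
        if rtype == "CNAME":
            # A CNAME whose target no longer exists is the classic takeover shape.
            if resolve(target_n, "A") == "NXDOMAIN":
                claimable = target_n.endswith(TAKEOVER_PRONE_SUFFIXES)
                findings.append({
                    "owner": owner_n, "type": rtype, "target": target_n,
                    "severity": "high" if claimable else "medium",
                    "reason": "CNAME target does not resolve"
                              + (" and sits on a claimable provider suffix" if claimable else ""),
                })
        elif rtype == "NS":
            # A delegation to a provider where the zone was deleted yields SERVFAIL
            # for the delegated name itself (the provider's servers answer REFUSED).
            if resolve(owner_n, "SOA") == "SERVFAIL":
                findings.append({
                    "owner": owner_n, "type": rtype, "target": target_n,
                    "severity": "high",
                    "reason": "lame delegation: delegated zone does not resolve",
                })
        # A/AAAA/TXT/etc. are not delegations and are skipped here.
    return findings


# --- Constructed sample zone and stub answers (not real records) -------------
SAMPLE_RECORDS: List[Record] = [
    ("retired.example.org", "CNAME", "retired-bucket.s3.amazonaws.com."),
    ("www.example.org", "CNAME", "live-site.github.io."),
    ("legacy.example.org", "CNAME", "legacy.internal-hosting.example.net."),
    ("labs.example.org", "NS", "ns-123.awsdns-15.org."),
    ("mail.example.org", "A", "192.0.2.10"),
]

STUB_ANSWERS = {
    ("retired-bucket.s3.amazonaws.com", "A"): "NXDOMAIN",
    ("live-site.github.io", "A"): "OK",
    ("legacy.internal-hosting.example.net", "A"): "NXDOMAIN",
    ("labs.example.org", "SOA"): "SERVFAIL",
}


def stub_resolve(name: str, qtype: str) -> str:
    """Offline resolver standing in for real DNS in this example."""
    return STUB_ANSWERS.get((name, qtype), "OK")


def dnspython_resolve(name: str, qtype: str) -> str:
    """Optional live adapter using dnspython (pip install dnspython)."""
    import dns.exception
    import dns.resolver
    try:
        dns.resolver.resolve(name, qtype)
        return "OK"
    except dns.resolver.NXDOMAIN:
        return "NXDOMAIN"
    except dns.resolver.NoAnswer:
        return "OK"          # name exists, just no record of that type
    except (dns.resolver.NoNameservers, dns.exception.Timeout):
        return "SERVFAIL"


if __name__ == "__main__":
    for f in find_dangling(SAMPLE_RECORDS, stub_resolve):
        print(f"[{f['severity']}] {f['owner']} {f['type']} -> {f['target']}: {f['reason']}")
```

Two caveats apply when running this against a real zone. A non-resolving CNAME target is necessary but not sufficient for a takeover: the name must also be claimable at that provider, which is why the example only escalates severity for known suffixes rather than treating every NXDOMAIN as exploitable. And a single pass finds today's stale records; the point of the post is that the check has to run on a schedule, since retirement of a service is exactly the moment a delegation goes stale.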
We’re also working to make open source software (OSS) more secure in general. The Open Source Security Foundation (OpenSSF) is a broad initiative to secure the OSS that we all depend on. Please check out the OpenSSF if you’re interested in learning more.
David A. Wheeler
Director, Open Source Supply Chain Security, The Linux Foundation