Security Lead

The CSC designates a member as Security Lead, with responsibility for co-ordinating security posture. The Security Lead also keeps the CSC updated about vulnerabilities within Ceph and progress toward addressing them. The lead notably drives resolution of critical vulnerabilities.

A responsibility of this role will be to give a monthly status report to the CSC on vulnerabilities and novel security concerns, such as AI exploit scanners and quantum-resistant encryption. They will also update the CSC with new and improved security processes. The Security Lead is the point of contact for and has responsibility for ensuring the proper intake, triage, and assignment of security vulnerabilities, and coordinate open source unembargos of security vulnerabilities when fixes are ready. This person will maintain the security@ceph.io email list, checking it regularly, and ensuring stakeholder emails are kept up to date on an occasional basis.

Brought to you by the Ceph Foundation

The Ceph Documentation is a community resource funded and hosted by the non-profit Ceph Foundation. If you would like to support this and our other efforts, please consider joining now.