Notice

This document is for a development version of Ceph.

Report a Documentation Bug

Security Working Group

In order to fully support Ceph, the security working group co-ordinates security improvements. This is essential as industry focuses more on security, and Ceph has become a mature software project. Vulnerabilities have increased in number and in complexity, and are expected to continue to do so. A reactive process is no longer adequate, and preemptive policies ought to be discussed within a group of knowledgeable and motivated people to ensure their viability.

We welcome involvement in the Security Working Group. Any reasonable stakeholder in Ceph Security is encouraged to join with the approval of the CSC and Security group. Any CSC member may nominate someone to join the working group and attend meetings. Should someone not attend meetings for 1+ years, or breach an embargo intentionally, they will be removed and notified.

By joining this working group, one may contribute to Ceph Security processes, see all embargoed bugs, and help coordinate fixes across upstream Ceph. There is no expectation to create security fixes, however, such efforts are welcome. The expectation is to triage, assign, and coordinate fixes as appropriate.

The responsibilities are to attend a twice-monthly meeting for the working group, report back to the CSC on a monthly basis and to uphold any embargos on reported vulnerabilities. Additionally, tasks will be shared among volunteers from the group, based on interest and availability.

Initial target projects are: Writing a Security Incident Response Process for Ceph, Writing an Embargo Process for Ceph, coordinating the fixes in our backlog of security bugs, coordinating penetration tests and scans of Ceph, reviewing dependencies and containers within Ceph for upgrades, and eventual collaboration on Ceph Quantum-Resistant encryption implementation.

Brought to you by the Ceph Foundation

The Ceph Documentation is a community resource funded and hosted by the non-profit Ceph Foundation. If you would like to support this and our other efforts, please consider joining now.