Security vulnerability reporting forum for OpenDistro


Using opendistro-for-elasticsearch, if there are any security vulnerabilities reported in security scans (like QualysGuard, Nessus etc), what forum can we use to report the vulnerability or share our security concerns?
I see Vulnerability Reporting - Amazon Web Services (AWS) provides some details regarding this, but wanted to ensure if this is applicable for OpenDistro project as well?


I just want to raise the priority of the above question asked by Shivani. Security vulnerability handling is a major consideration for our team to finalize on using OpenDistro for elasticsearch. An answer would be appreciable.

1 Like