openSUSE:Security team

Jump to: navigation, search



The SUSE Security Team takes care of the security of the Linux products, both the community products (openSUSE distribution, the buildservice code, etc.) and enterprise products (e.g. SUSE Linux Enterprise Server and Desktop).

Contact Details


The security team includes the following SUSE employees:

  • Alexander Bergmann
  • Alexandros Toptsoglou
  • Johannes Segitz
  • Malte Kraus
  • Matthias Gerstner
  • Robert Frohl
  • Wolfgang Frisch

Project manager Security:


Areas of work

We work in following large areas:

Reactive work

Thats what you see as security updates. We monitor mailinglist, coordinate between vendors, check software releases, and receive reports and drive the security update process of the openSUSE and SUSE Linux based products during their lifetime.

This is summarized on the page incident handling.

  • Our SUSE Linux Enterprise security page can be found at
  • If you want to report an incident, mail
  • Our GPG key is on every CD 1 and on the keyservers. (new key ID: 317CD502, old key ID: 3D25D3D9)


pub   4096R/317CD502 2014-10-02
      Key fingerprint = E502 243D F6B7 E939 EA1B  4A0E 58FC 58B1 317C D502
uid       [  full  ] SUSE Security Team <>
sub   4096R/0DE80E03 2014-10-02

(as this is a community editable Wiki page, please cross check against other sources, like our DVD and that the key is signed by trusted parties)

Proactive work

We regulary check packages contained in our Linux distributions. We focus on security critical packages, network daemons, setuid programs and similar. We also work on the Security Features.

We also try to replace security critical daemons or setuid binaries by technologies less prone to attacks.

Please see our policy on details how and when we disclose security issues found by us.


We research security related technologies.