openSUSE:Security team
Introduction
The SUSE Security Team takes care of the security of the Linux products, both the community products (openSUSE distribution, the buildservice code, etc.) and enterprise products (e.g. SUSE Linux Enterprise Server and Desktop).
Contact Details
- You can mail us at security@suse.de
- You can involve us in discussions on GitHub by tagging @opensuse/security
- security-announce@lists.opensuse.org - Publication of security announcements.
- security@lists.opensuse.org - Discussion forum for security topics.
- There is also a security-related IRC channel, #openSUSE-security.
Members
The security team includes the following SUSE employees:
- Alexander Bergmann
- Andrea Mattiazzo
- Camila Camargo de Matos
- Cathy Hu
- Emanuele Cappello
- Filippo Bonazzi
- Gabriele Sonnu
- Gianluca Gabrielli
- Johannes Segitz
- Matthias Gerstner
- Paolo Perego
- Robert Frohl
- Thomas Leroy
- Wolfgang Frisch
Project manager Security:
Teamlead:
- Stoyan Manolov
Areas of work
We work in the following large areas:
Reactive work
That's what you see as security updates. We monitor mailing lists, coordinate between vendors, check software releases, receive reports, and drive the security update process of the openSUSE and SUSE Linux based products during their lifetime.
This is summarized on the page incident handling.
- Our SUSE Linux Enterprise security page can be found at https://www.suse.com/security/
- If you want to report an incident, mail security@suse.de
- Our GPG key is on the website above, on every CD 1 and on the keyservers (new key ID: 0xB205E69BAB2FD922, old key ID: 0x21FE92322BA9E067).
Fingerprint:
pub   rsa4096/0xB205E69BAB2FD922 2020-03-10 [SC] [expires: 2026-01-25]
      Key fingerprint = 2BAB 445F B9B4 F0D3 30E4 7CB0 B205 E69B AB2F D922
uid   [ full ] SUSE Security Team <security@suse.de>
uid   [ full ] SUSE Security Team <security@suse.com>
sub   rsa4096/0xA679ED66FD417627 2020-03-10 [E] [expires: 2026-01-25]
(As this is a community-editable wiki page, please cross-check the fingerprint against other sources, such as our DVD, and check that the key is signed by trusted parties.)
Proactive work
We regularly check packages contained in our Linux distributions. We focus on security critical packages, network daemons, setuid programs and similar (see Package Security Guidelines). We also work on the Security Features.
We also try to replace security critical daemons or setuid binaries with technologies less prone to attacks.
Please see our policy for details on how and when we disclose security issues found by us.