openSUSE:Security team

Jump to: navigation, search

Icon-security.png

Introduction

The SUSE Security Team takes care of the security of the Linux products, both the community products (openSUSE distribution, the buildservice code, etc.) and enterprise products (e.g. SUSE Linux Enterprise Server and Desktop).

Contact Details

Members

The security team includes the following SUSE employees:

  • Alexander Bergmann
  • Carlos López
  • Cathy Hu
  • Filippo Bonazzi
  • Gabriele Sonnu
  • Gianluca Gabrielli
  • Johannes Segitz
  • Mæve Rey
  • Matthias Gerstner
  • Paolo Perego
  • Robert Frohl
  • Thomas Leroy
  • Wolfgang Frisch

Project manager Security:

Teamlead:

  • Stoyan Manolov

Areas of work

We work in following large areas:

Reactive work

That's what you see as security updates. We monitor mailinglists, coordinate between vendors, check software releases, and receive reports and drive the security update process of the openSUSE and SUSE Linux based products during their lifetime.

This is summarized on the page incident handling.

  • Our SUSE Linux Enterprise security page can be found at https://www.suse.com/security/
  • If you want to report an incident, mail security@suse.de
  • Our GPG key is on the website above, every CD 1 and on the keyservers. (new key ID: 0xB205E69BAB2FD922, old key ID: 0x21FE92322BA9E067)

Fingerprint:

pub   rsa4096/0xB205E69BAB2FD922 2020-03-10 [SC] [expires: 2024-02-24]
      Key fingerprint = 2BAB 445F B9B4 F0D3 30E4  7CB0 B205 E69B AB2F D922
uid                   [  full  ] SUSE Security Team <security@suse.com>
uid                   [  full  ] SUSE Security Team <security@suse.de>
sub   rsa4096/0xA679ED66FD417627 2020-03-10 [E] [expires: 2024-02-24]

(as this is a community editable Wiki page, please cross check against other sources, like our DVD and that the key is signed by trusted parties)

Proactive work

We regularly check packages contained in our Linux distributions. We focus on security critical packages, network daemons, setuid programs and similar. We also work on the Security Features.

We also try to replace security critical daemons or setuid binaries by technologies less prone to attacks.

Please see our policy on details how and when we disclose security issues found by us.