The Eclipse Foundation's security team has some security expertise, but its primary role is to redirect vulnerability reports and other security issues reported via the security@xxxxxxxxxxx email alias to the right place.
To this end, it would be handy to have a representative from the Adoptium PMC to help make sure that issues related to Adoptium are promptly triaged and addressed. The designated representative would be added to the alias and then expected to respond only to those messages that target Adoptium projects, and ignore everything else.
Note that while we do get a lot of spam at that alias, it's moderated (by me) and the actual volume of messages that you will receive is on the order of one or two messages per week. Note that we do not archive anything received at this alias.
Can I get a volunteer to work on behalf of Adoptium, please?
Management Organization | Eclipse Foundation