English | Deutsch
Home » About


As one would expect from a security project, OpenVAS takes the security of the project and the software components we develop very seriously. Whilst we are comfortable with the idea of full disclosure and operate a public bug tracker and development mailing list through which the public at large can communicate with project developers regarding any concerns relating to the project, we also recognise that many security researchers feel more comfortable with the concept of responsible and co-ordinated disclosure.

Vulnerability handling process

An overview of the vulnerability handling process is:

Security contacts

Please note that we do not use a team OpenPGP key. If you wish to encrypt your e-mail to security@openvas.org then please use the OpenPGP keys of the members of the OpenVAS Steering Team and be aware that it may take us a little longer to respond to the issue.

Published advisories