Embargo
Vulnerability Management Subcommittee takes every issue very seriously. That's why every new issue created in Vulnerabilities Reporting Jira is visible only to VMS members. Additionally, all members of Vulnerability Management Subcommittee declares to follow embargo policy and don't publish, talk, mention not yet publish vulnerabilities with unauthorized 3rd parties.
To remind members about that policy, every Vulnerabilities Reporting Jira ticket should contain below embargo notice in the description:
Embargo notice
This issue is being treated as a potential security risk under embargo.
Please do not make any public mention of embargoed (private) security vulnerabilities before their coordinated publication by the ONAP Vulnerability Subcommittee in the form of an official ONAP Security Advisory.
This includes discussion of the bug or associated fixes in public forums such as mailing lists, code review systems, jira and wiki.
Please also avoid private disclosure to other individuals not already approved for access to this information, and provide this same reminder to those who are made aware of the issue prior to publication.
All discussion should remain confined to this private bug report, and any proposed fixes should be added to the bug as attachments.