The O3DE 24.09.0 Release is here! DOWNLOAD NOW

SECURITY

The Security SIG manages security reporting and initiatives for O3DE, including any issues that are identified and assigned to this SIG. It serves as an advisory group for security-related issues including compliance, security issue resolution, and security patching, and is responsible for maintaining vulnerability reporting and response mechanisms for O3DE. In addition, this SIG assists with other tasks that fall under the Application Security (AppSec) umbrella of concern.

Ready to contribute with like-minded community members?

QUICK LINKS

SCOPE
  • Triage and Acceptance of incoming security issues.
  • Creation and maintenance of mechanisms for the secure intake of vulnerability issues, including any security reporting email lists for O3DE.
  • Management of GitHub security advisories for the O3DE repos.
  • Management of any security disclosure mechanisms including email lists.
  • Assists in the selection or development of tooling and automation for security issue identification.
  • Runs security campaigns to resolve identified security issues, including deprecation of software components.
  • Provide SPDX (Software Package Data Exchange) scanning tools to detect violations.

Subscribe for the latest updates, events, webinars and community news