OpenNMS Security

If you are a support customer (e.g. Meridian), please report security issues via your normal support channel.

Members of the Horizon community, security researchers, and the general public should submit security-related issues regarding our software and web applications via email to [email protected] We welcome the development community to review our code on GitHub and contribute security improvements.

OpenNMS follows these guidelines to responsibly disclose security vulnerabilities:

  • We do not publish vulnerabilities before releasing a fix for them
  • We do not publish exact details, such as proof-of-concept code

Unless instructed otherwise, OpenNMS will publicly acknowledge (via release notes and/or CVE) anyone that responsibly discloses vulnerabilities, following the same rules. Employees and contractors of OpenNMS and affiliates are excluded from public disclosure.

OpenNMS does not provide monetary awards for discovered vulnerabilities, however we greatly appreciate the time and effort that goes into vulnerability discovery, and we thank you for helping keep our platform and components as secure as possible.