Introducing: the Security Working Group

Hello Open edX community! :wave:

We (@feanil, @alangston, @pshiu) are starting a Security Working Group, with the goal of helping triage security issues and continuously improve the Open edX project’s security posture.

Please check out our charter in OEP-60.

:city_sunset: Background

Open edX is very fortunate to work with many security researchers around the globe to help identify and fix security vulnerabilities in our platform.

Historically, 2U/edX has handled most of this coordination, but we think it’s very important to open this opportunity up to the community.

We want to be a resource for maintainers as they fix security vulnerabilities and learn together how we should bring Open edX to the cutting edge of application security.

For more information, see the How We Work and What We Do sections of our Confluence page.

:handshake: Participate

We need you! One requirement: since much of our work is sensitive, if you are not yet a Core Contributor or Maintainer, please copy them on your email to us and have them nominate you.

If you’d like to join us…

As a working group member

Want to help us triage security issues and drive forward Open edX’s security posture? Email!

Folks new to security are warmly welcome. All you need is to be comfortable with reading code and being willing to be part of a 2 week triage rotation.

As a security expert or volunteer

Sometimes, maintainers can’t immediately fix pressing vulnerabilities, or we might not know how to help them fix it.

If you have some expertise with software security or would like to volunteer as a resource to help maintainer fix pressing security vulnerabilities, please also let us know at

:eyes: Subscribe

To receive notice of security patches, please watch our Security Announcements Discourse topic! Log in to → select the button with a bell icon on the top right corner above the topic list → choose Watching First Post.

Are you an Open edX operator?

Also watch our Confluence page For operators.

Are you an Open edX maintainer?

Also watch our Confluence page For maintainers.

Thank you very much! Hope to see you soon.

Feanil, Ali, & Phil