ONAP Vulnerability Management

and the onap-security mail alias are only to report issues against the ONAP software itself.

  It is NOT to be used for any issues related to tools and infrastructure (DNS, email, web, etc.) 

• If you would like to report a vulnerability against general project infrastructure (such as DNS, web or email services), please go to http://support.linuxfoundation.org/ → Project Services → Infrastructure Operations and file a bug.
• The ONAP Project does not pay bug bounties.