+For more information on configuring and installing OpenStack plugins for
+collectd, check out the `collectd-openstack-plugins GSG`_.
+
+Security
+^^^^^^^^
+* AAA – on top of collectd there secure agents like SNMP V3, Openstack agents
+ etc. with their own AAA methods.
+
+* Collectd runs as a daemon with root permissions.
+
+* The `Exec plugin`_ allows the execution of external programs but counters the security
+ concerns by:
+
+ * Ensuring that only one instance of the program is executed by collectd at any time
+ * Forcing the plugin to check that custom programs are never executed with superuser
+ privileges.
+
+* Protection of Data in flight:
+
+ * It's recommend to use a minimum version of 4.7 of the Network plugin which provides
+ the possibility to cryptographically sign or encrypt the network traffic.
+ * Write Redis plugin or the Write MongoDB plugin are recommended to store the data.
+ * For more information, please see: https://collectd.org/wiki/index.php?title=Networking_introduction
+
+* Known vulnerabilities include:
+
+ * https://www.cvedetails.com/vulnerability-list/vendor_id-11242/Collectd.html
+
+ * `CVE-2017-7401`_ fixed https://github.com/collectd/collectd/issues/2174 in Version 5.7.2.
+ * `CVE-2016-6254`_ fixed https://mailman.verplant.org/pipermail/collectd/2016-July/006838.html
+ in Version 5.4.3.
+ * `CVE-2010-4336`_ fixed https://mailman.verplant.org/pipermail/collectd/2010-November/004277.html
+ in Version 4.10.2.
+
+ * https://www.cvedetails.com/product/20310/Collectd-Collectd.html?vendor_id=11242
+
+* It's recommended to only use collectd plugins from signed packages.
+