- Finder (Discoverer/ Reporter) – the individual or organization that identifies the vulnerability
- External group (i.e: Bishop Fox)
- Internally (i.e:bug bounty/Hackerone)
- Manager - An individual with a role of managing the vulnerability process till the fixing and its updated release, appointed by the management of OpenMRS.
- Vendor (OpenMRS) – the individual or organization that created or maintains the vulnerable product.
- Deployer – the individual or organization that must deploy a patch or take other remediation action
- Release managers who need to include the patch in the ongoing release process
- Coordinator – an individual or organization that facilitates the coordinated response process
- OpenMRS Software Security Lead
- Tester -the individual who tests the updated release, its feedback is taken from the Deployer and documents the fixes finally report it to the "Owner".