The ASF is a 501C3 non-profit corporation in the US - and there's a lot going on the corporate side of the ASF, to keep the corporate records and infrastructure that the many Apache projects you use working.
Below is a listing of the officers and people who make the corporate side of the ASF work. Here are a few more links that explain how corporate governance works at the ASF, which is separate from how Apache PMCs work.
| Who this role reports to (the board, another officer, etc.) | board |
| Listing of board reports | https://whimsy.apache.org/board/minutes/Security_Team.html |
| Mailing list for questions | security-discuss@community.apache.org |
| Board resolution originally creating or updating role | http://apache.org/foundation/records/minutes/2006/board_minutes_2006_09_20.txt |
| Public website for more information | https://security.apache.org/ |
| Mark J. Cox |
Board Committee charged with maintaining the security of software produced by the various projects established under the ASF’s umbrella, but not for the security of the servers and other infrastructure.
Ensure security reports about Apache projects are routed responsibly.