This repository has been archived on 2022-08-17. You can view files and clone it, but cannot push or open issues or pull requests.
dex/.github/SECURITY.md
Mark Sagi-Kazar 59fcab281e
docs: initial security policy
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2021-04-26 10:59:15 +02:00

Security Policy

Reporting a vulnerability

To report a vulnerability, send an email to cncf-dex-maintainers@lists.cncf.io detailing the issue and steps to reproduce. The reporter(s) can expect a response within 48 hours acknowledging the issue was received. If a response is not received within 48 hours, please reach out to any maintainer directly to confirm receipt of the issue.

Review Process

Once a maintainer has confirmed the relevance of the report, a draft security advisory will be created on GitHub. The draft advisory will be used to discuss the issue with the maintainers and the reporter(s). If the reporter(s) wish to participate in this discussion, they should provide their GitHub username(s) so that they can be invited to it. If the reporter(s) do not wish to participate directly in the discussion, they can request to be updated regularly via email.

If the vulnerability is accepted, a timeline for developing a patch, public disclosure, and patch release will be determined. The reporter(s) are expected to participate in the discussion of the timeline and abide by the agreed-upon dates for public disclosure.