
Commit 353e06e

Add SECURITY policy
1 parent de17f0b commit 353e06e

1 file changed

+23
-0
lines changed

SECURITY.md

+23
@@ -0,0 +1,23 @@
1+
# Security Policy
2+
3+
We take security vulnerabilities seriously (and so should you!)
4+
5+
Our policy on reported vulnerabilities (see below on how to report) is that we will
6+
respond to the reporter of a vulnerability within two (2) business days of receiving
7+
the report and notify the reporter whether and when a remediation will be committed.
8+
9+
When a remediation for a security vulnerability is committed, we will cut a tagged
10+
release of `gdt` and include in the release notes for that tagged release a description
11+
of the vulnerability and a discussion of how it was remediated, along with a note
12+
urging users to update to that fixed version.
13+
14+
## Reporting a Vulnerability
15+
16+
While `gdt` does have automated Github Dependabot alerts about security vulnerabilities
17+
in `gdt`'s dependencies, there is always a chance that a vulnerability in a dependency
18+
goes undetected by Dependabot. If you are aware of a vulnerability either in `gdt` or
19+
one of its dependencies, please do not hesitate to reach out to `gdt` maintainers via
20+
email or Slack. **Do not discuss vulnerabilities in a public forum**.
21+
22+
`gdt`'s primary maintainer is Jay Pipes, who can be found on the Kubernetes Slack
23+
community as `@jaypipes` and reached via email at jaypipes at gmail dot com.
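Review bot: The response commitment in the opening paragraph is ambiguous about what must happen within the two business days: the sentence "we will respond to the reporter ... within two (2) business days ... and notify the reporter whether and when a remediation will be committed" can be read either as "acknowledge within two days, decide later" or as "acknowledge and decide within two days". Suggest splitting it into two sentences so the acknowledgement deadline and the triage decision are stated separately, for example "We will acknowledge receipt within two (2) business days. After triage we will tell the reporter whether and when a remediation will be committed." The policy also never says which tagged releases of `gdt` receive security fixes; a short statement of that, before "## Reporting a Vulnerability", would tell reporters whether older releases will get a remediation or only the next tagged release described in the third paragraph. Two minor style points: "Github" should be spelled "GitHub", and the first sentence lacks a terminating period.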
