-
Notifications
You must be signed in to change notification settings - Fork 3
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: 佑祎 <zzw261520@alibaba-inc.com>
- Loading branch information
1 parent
3635bf8
commit 327ecbd
Showing
4 changed files
with
62 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
# Security Policy | ||
|
||
- [Security Policy](#security-policy) | ||
- [Reporting security problems](#reporting-security-problems) | ||
- [Vulnerability Management Plans](#vulnerability-management-plans) | ||
- [Critical Updates And Security Notices](#critical-updates-and-security-notices) | ||
|
||
## Reporting security problems | ||
|
||
**DO NOT CREATE AN ISSUE** to report a security problem. Instead, please | ||
send an email to kubernetes-security@service.aliyun.com | ||
|
||
Please follow the [embargo policy](./embargo-policy.md) for all security-related problems. | ||
|
||
## Vulnerability Management Plans | ||
|
||
### Critical Updates And Security Notices | ||
|
||
We learn about critical software updates and security threats from these sources | ||
|
||
1. GitHub Security Alerts | ||
2. [Dependabot](https://dependabot.com/) Dependency Updates |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
# Embargo Policy | ||
|
||
This policy forbids members of this project's security contacts any others | ||
defined below from sharing information outside of the security contacts and this | ||
listing without need-to-know and advance notice. | ||
|
||
The information members and others receive from the list defined below must: | ||
|
||
* not be made public, | ||
* not be shared, | ||
* not be hinted at | ||
* must be kept confidential and close held | ||
|
||
Except with the list's explicit approval. This holds true until the public | ||
disclosure date/time that was agreed upon by the list. | ||
|
||
If information is inadvertently shared beyond what is allowed by this policy, | ||
you are REQUIRED to inform the security contacts kubernetes-security@service.aliyun.com of exactly what | ||
information leaked and to whom. A retrospective will take place after the leak | ||
so we can assess how to not make this mistake in the future. | ||
|
||
Violation of this policy will result in the immediate removal and subsequent | ||
replacement of you from this list or the Security Contacts. | ||
|
||
## Disclosure Timeline | ||
|
||
This project sustains a **disclosure timeline** to ensure we provide a | ||
quality, tested release. On some occasions, we may need to extend this timeline | ||
due to complexity of the problem, lack of expertise available, or other reasons. | ||
Submitters will be notified if an extension occurs. |