Commit 98d3fe2

chore: update SECURITY.md from global .github repo (#82)
Signed-off-by: microcks-bot <[email protected]>
1 parent 67d1dc3 commit 98d3fe2

1 file changed

+18
-2
lines changed

SECURITY.md

Lines changed: 18 additions & 2 deletions
@@ -2,6 +2,22 @@
22

33
## Reporting a Vulnerability
44

5-
If you've found a vulnerability in our components or website, or want additional information regarding how we manage security, please report it via a [GitHub discussion](https://github.com/microcks/microcks/discussions).
5+
If you've found a vulnerability in our components or website or want additional information regarding how we manage security, please report it via a [GitHub discussion](https://github.com/microcks/microcks/discussions).
66

7-
In case you do not want to publicly report a security issue for one of the libraries owned by the Microcks community, write an email with a detailed description of the issue to [email protected].
7+
If you do not want to publicly report a security issue for one of the libraries owned by the Microcks community, write an email with a detailed description of the issue to [email protected].
8+
9+
## Public Disclosure Timing
10+
11+
We prefer to fully disclose the bug as soon as possible once a user mitigation is available. The Fix Lead drives the schedule using their best judgment based on severity, development time, and release manager feedback. If the Fix Lead deals with public disclosure, all timelines will be set as soon as possible (ASAP).
12+
13+
## Supported Versions
14+
15+
Microcks releases follow the [semver](https://semver.org/) specification. Security fixes are typically merged into the current development branch and are due for release in the next minor version. We may create a fix release upon request or, if deemed necessary, as part of a critical security fix.
16+
17+
## Security Team
18+
19+
The security team is made up of a subset of the project [maintainers](https://github.com/microcks/.github/blob/main/GOVERNANCE.md#maintainers-code-owners-contributors-and-adopters) and [code owners](https://github.com/microcks/.github/blob/main/GOVERNANCE.md#maintainers-code-owners-contributors-and-adopters) who are willing and able to respond to vulnerability reports.
20+
21+
## Credits
22+
23+
Sections of this document have been borrowed and inspired from the [OpenEBS](https://github.com/openebs/community/blob/72506ee3b885bd06324b82a650fcd3a61e93eef0/SECURITY.md) project.
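
Review bot: The new "Public Disclosure Timing" section (new lines 9-11) hands the schedule to a "Fix Lead", but nothing in the file defines that role or says how one is appointed; the "Security Team" section added just below would be the natural place to do so. The closing sentence of that paragraph, "all timelines will be set as soon as possible (ASAP)", gives a reporter no concrete expectation, so consider stating a target window for acknowledgement and disclosure instead. Separately, the "Reporting a Vulnerability" paragraph at new line 5 still lists a public GitHub discussion as the first reporting channel and the private e-mail second; leading with the private channel would keep unpatched details out of public view until a user mitigation is available, which is what the disclosure section says the project wants.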
