From 9572dc16850189f093bbd7bcb9790310b274618d Mon Sep 17 00:00:00 2001 From: LiZhenCheng9527 Date: Tue, 7 Nov 2023 20:26:34 +0800 Subject: [PATCH 1/4] add security team Signed-off-by: LiZhenCheng9527 --- security-team/bug-report.md | 17 +++++++++++++++++ security-team/report-a-vulnerability.md | 20 ++++++++++++++++++++ security-team/security-groups.md | 11 +++++++++++ 3 files changed, 48 insertions(+) create mode 100644 security-team/bug-report.md create mode 100644 security-team/report-a-vulnerability.md create mode 100644 security-team/security-groups.md diff --git a/security-team/bug-report.md b/security-team/bug-report.md new file mode 100644 index 000000000..faff2a74d --- /dev/null +++ b/security-team/bug-report.md @@ -0,0 +1,17 @@ + + +**What happened**: + +**What you expected to happen**: + +**How to reproduce it (as minimally and precisely as possible)**: + +**Anything else we need to know?**: + +**Environment**: + +- Kurator version: +- kubectl version: +- fluxcd version: +- Others: diff --git a/security-team/report-a-vulnerability.md b/security-team/report-a-vulnerability.md new file mode 100644 index 000000000..f5c2b5cad --- /dev/null +++ b/security-team/report-a-vulnerability.md 
@@ -0,0 +1,20 @@ +## Report a Vulnerability + +We sincerely request you to keep the vulnerability information confidential and responsibly disclose the vulnerabilities. + +To report a vulnerability, please contact the [Security Team](security-groups.md). You can email the Security Team with the security details and the details expected for [kurator bug report](https://github.com/kurator-dev/kurator/security-team/bug-report.md). + +The team will help diagnose the severity of the issue and determine how to address the issue. The reporter(s) can expect a response within 2 business day acknowledging the issue was received. If a response is not received within 2 business day, please reach out to any Security Team member (listed [here](security-groups.md), under the `The Security Team` section) directly to confirm receipt of the issue. We’ll try to keep you informed about our progress throughout the process. + +### When Should I Report a Vulnerability? + +- You think you discovered a potential security vulnerability in Kurator +- You are unsure how a vulnerability affects Kurator + +### When Should I NOT Report a Vulnerability? + +- You need help tuning Kurator components for security +- You need help applying security related updates +- Your issue is not security related + +If you think you discovered a vulnerability in another project that Kurator depends on, and that project has their own vulnerability reporting and disclosure process, please report it directly there. diff --git a/security-team/security-groups.md b/security-team/security-groups.md new file mode 100644 index 000000000..b63322fae --- /dev/null +++ b/security-team/security-groups.md @@ -0,0 +1,11 @@ +## The Security Team + +Owners: + +- [xuzhonghu@huawei.com](mailto:xuzhonghu@huawei.com) + +Members: + +- [xuzhonghu@huawei.com](mailto:xuzhonghu@huawei.com) +- [xieqianglong@huawei.com](mailto:xieqianglong@huawei.com) +- [lizhencheng6@huawei.com](mailto:lizhencheng6@huawei.com) 
From 5f77b9862cae45d97fb56fdfd4cc11199497bec9 Mon Sep 17 00:00:00 2001 From: LiZhenCheng9527 Date: Wed, 8 Nov 2023 19:33:22 +0800 Subject: [PATCH 2/4] link vulnerability-report.md to the README Signed-off-by: LiZhenCheng9527 --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index ca7312251..9511e9f03 100644 --- a/README.md +++ b/README.md @@ -53,3 +53,7 @@ details on submitting patches and the contribution workflow. ## License Kurator is under the Apache 2.0 license. See the [LICENSE](LICENSE) file for details. + +## report a vulnerability + +If you find a vulnerability in Kurator, you can report it to our security-team in the [following way](https://github.com/kurator-dev/kurator/security-team/report-a-vulnerability.md). We will deal with it as soon as possible. From b4623067a6bee97054ca14074b3fa1470e7abe2d Mon Sep 17 00:00:00 2001 From: LiZhenCheng9527 Date: Thu, 9 Nov 2023 10:03:31 +0800 Subject: [PATCH 3/4] add security email groups information Signed-off-by: LiZhenCheng9527 --- .../security}/report-a-vulnerability.md | 2 +- community/security/security-groups.md | 15 +++++++++++++++ .../security/vulnerability-report-template.md | 2 +- security-team/security-groups.md | 11 ----------- 4 files changed, 17 insertions(+), 13 deletions(-) rename {security-team => community/security}/report-a-vulnerability.md (78%) create mode 100644 community/security/security-groups.md rename security-team/bug-report.md => community/security/vulnerability-report-template.md (55%) delete mode 100644 security-team/security-groups.md diff --git a/security-team/report-a-vulnerability.md b/community/security/report-a-vulnerability.md similarity index 78% rename from security-team/report-a-vulnerability.md rename to community/security/report-a-vulnerability.md index f5c2b5cad..6af101843 100644 --- a/security-team/report-a-vulnerability.md +++ b/community/security/report-a-vulnerability.md 
@@ -2,7 +2,7 @@ We sincerely request you to keep the vulnerability information confidential and responsibly disclose the vulnerabilities. -To report a vulnerability, please contact the [Security Team](security-groups.md). You can email the Security Team with the security details and the details expected for [kurator bug report](https://github.com/kurator-dev/kurator/security-team/bug-report.md). +To report a vulnerability, please contact the Security Team: [kurator-security@googlegroups.com](mailto:kurator-security@googlegroups.com). You can email the Security Team with the security details and the details expected for [kurator report](https://github.com/kurator-dev/kurator/community/security/vulnerability-report-template.md). The team will help diagnose the severity of the issue and determine how to address the issue. The reporter(s) can expect a response within 2 business day acknowledging the issue was received. If a response is not received within 2 business day, please reach out to any Security Team member (listed [here](security-groups.md), under the `The Security Team` section) directly to confirm receipt of the issue. We’ll try to keep you informed about our progress throughout the process. diff --git a/community/security/security-groups.md b/community/security/security-groups.md new file mode 100644 index 000000000..2003c9584 --- /dev/null +++ b/community/security/security-groups.md @@ -0,0 +1,15 @@ +## The Security Team + +Emial: + +[kurator-security@googlegroups.com](mailto:kurator-security@googlegroups.com) + +Owners: + +- [hzxuzhonghu](https://github.com/hzxuzhonghu) + +Members: + +- [hzxuzhonghu](https://github.com/hzxuzhonghu) +- [Xieql](https://github.com/Xieql) +- [LiZhenCheng9527](https://github.com/LiZhenCheng9527) 
diff --git a/security-team/bug-report.md b/community/security/vulnerability-report-template.md similarity index 55% rename from security-team/bug-report.md rename to community/security/vulnerability-report-template.md index faff2a74d..95f99cf78 100644 --- a/security-team/bug-report.md +++ b/community/security/vulnerability-report-template.md @@ -1,4 +1,4 @@ - **What happened**: diff --git a/security-team/security-groups.md b/security-team/security-groups.md deleted file mode 100644 index b63322fae..000000000 --- a/security-team/security-groups.md +++ /dev/null @@ -1,11 +0,0 @@ -## The Security Team - -Owners: - -- [xuzhonghu@huawei.com](mailto:xuzhonghu@huawei.com) - -Members: - -- [xuzhonghu@huawei.com](mailto:xuzhonghu@huawei.com) -- [xieqianglong@huawei.com](mailto:xieqianglong@huawei.com) -- [lizhencheng6@huawei.com](mailto:lizhencheng6@huawei.com) From d02032cc97c5da2a4bfff4bb384fc4ebf6dc9a42 Mon Sep 17 00:00:00 2001 From: LiZhenCheng9527 Date: Thu, 9 Nov 2023 16:59:14 +0800 Subject: [PATCH 4/4] add security team members Signed-off-by: LiZhenCheng9527 --- community/security/report-a-vulnerability.md | 2 +- community/security/security-groups.md | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/community/security/report-a-vulnerability.md b/community/security/report-a-vulnerability.md index 6af101843..c0c2b452f 100644 --- a/community/security/report-a-vulnerability.md +++ b/community/security/report-a-vulnerability.md 
@@ -2,7 +2,7 @@ We sincerely request you to keep the vulnerability information confidential and responsibly disclose the vulnerabilities. -To report a vulnerability, please contact the Security Team: [kurator-security@googlegroups.com](mailto:kurator-security@googlegroups.com). You can email the Security Team with the security details and the details expected for [kurator report](https://github.com/kurator-dev/kurator/community/security/vulnerability-report-template.md). +To report a vulnerability, please contact the Security Team: [kurator-security@googlegroups.com](mailto:kurator-security@googlegroups.com). You can email the Security Team with the security details and the details expected for [kurator vulnerability report](vulnerability-report-template.md). The team will help diagnose the severity of the issue and determine how to address the issue. The reporter(s) can expect a response within 2 business day acknowledging the issue was received. If a response is not received within 2 business day, please reach out to any Security Team member (listed [here](security-groups.md), under the `The Security Team` section) directly to confirm receipt of the issue. We’ll try to keep you informed about our progress throughout the process. diff --git a/community/security/security-groups.md b/community/security/security-groups.md index 2003c9584..a8b11c825 100644 --- a/community/security/security-groups.md +++ b/community/security/security-groups.md @@ -1,15 +1,17 @@ ## The Security Team -Emial: +Email: [kurator-security@googlegroups.com](mailto:kurator-security@googlegroups.com) Owners: +- [kevin-wangzefeng](https://github.com/kevin-wangzefeng) - [hzxuzhonghu](https://github.com/hzxuzhonghu) Members: - [hzxuzhonghu](https://github.com/hzxuzhonghu) +- [zirain](https://github.com/zirain) - [Xieql](https://github.com/Xieql) -- [LiZhenCheng9527](https://github.com/LiZhenCheng9527) +- [LiZhenCheng9527](https://github.com/LiZhenCheng9527) \ No newline at end of file
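Review bot: In patch 1/4, new file security-team/report-a-vulnerability.md, the template link `https://github.com/kurator-dev/kurator/security-team/bug-report.md` will not resolve on GitHub because the path lacks the `blob/<branch>` segment; a relative link such as `[kurator bug report](bug-report.md)` works in the rendered repo and survives renames and forks, as the neighbouring `[Security Team](security-groups.md)` link already does.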
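Review bot: In patch 1/4, new file security-team/bug-report.md, the template is the form vulnerability reporters are pointed at, yet it only asks for the generic bug fields plus Kurator, kubectl and fluxcd versions; add fields for the affected component and version range, the reporter's assessment of impact, and whether the reporter wants to be credited, so the Security Team can triage severity from the first mail rather than a follow-up round.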
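Review bot: In patch 1/4, new file security-team/security-groups.md, the only contact channel is three personal mailboxes, and `xuzhonghu@huawei.com` is listed under both Owners and Members. A shared alias received by the whole team avoids a report stalling in one inbox and lets membership change without editing every document that links here; patch 3/4 of this series introduces `kurator-security@googlegroups.com`, which addresses the first point, but the duplicate entry should be collapsed or the two roles explained.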
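Review bot: In patch 2/4, the README.md hunk adds the heading `## report a vulnerability` in lower case next to `## License`, and links with an absolute URL (`https://github.com/kurator-dev/kurator/security-team/report-a-vulnerability.md`) that lacks the `blob/<branch>` segment. Use `## Report a vulnerability` and a relative link (`security-team/report-a-vulnerability.md`); note also that patch 3/4 moves the file to `community/security/` without touching README.md (its diffstat lists no README change), so the README link goes stale within this same series.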
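Review bot: In patch 3/4, the community/security/report-a-vulnerability.md hunk swaps one absolute GitHub URL for another (`https://github.com/kurator-dev/kurator/community/security/vulnerability-report-template.md`) that still lacks `blob/<branch>`; the relative `vulnerability-report-template.md` that patch 4/4 settles on should be used here directly. The unchanged context line that tells reporters to "reach out to any Security Team member (listed [here](security-groups.md)) directly" also needs revisiting, since the new security-groups.md lists GitHub handles rather than mailboxes and so offers no direct contact path for that fallback.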
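Review bot: In patch 3/4, new file community/security/security-groups.md, `Emial:` is a typo for `Email:` (corrected only in patch 4/4, so it should be fixed here), and `hzxuzhonghu` appears under both Owners and Members. The file also gives no indication of whether reports to the Google Groups address can be sent encrypted; if a PGP key exists, publish it or its fingerprint here, and if not, say so, so reporters know what the channel protects.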
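Review bot: In patch 4/4, the community/security/report-a-vulnerability.md hunk corrects the link but leaves "within 2 business day" in both sentences of the response-time paragraph (unchanged context); both should read "within 2 business days".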
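Review bot: In patch 4/4, the community/security/security-groups.md hunk drops the trailing newline (`\ No newline at end of file` on the new `LiZhenCheng9527` line); restore it so later diffs to this file stay clean. `hzxuzhonghu` is still listed under both Owners and Members after this edit, which should be resolved as well.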