Skip to content

Security: redriverhong/openebs

Security

SECURITY.md

Security Policy

OpenEBS follows similar security policy as other CNCF projects, primarily inspired from the Kubernetes project. As the community and adoption increases, a much more detailed process will be put in place.

Announcements

Security related issues once fixed will be tracked publicly on GitHub Issues. New issue announcements are sent to cncf-openebs-announcements@lists.cncf.io

Reporting a Vulnerability

If you find a security bug please report it privately to the maintainers listed in the MAINTAINERS of the relevant repository. We will fix the issue and coordinate a release date with you, acknowledging your effort and mentioning you by name if you want.

Security Vulnerability Response

Each report is acknowledged and analyzed by the maintainers within 3 working days. As the security issue moves from triage, to identified fix, to release planning we will keep the reporter updated.

Public Disclosure Timing

We prefer to fully disclose the bug as soon as possible once a user mitigation is available. The Fix Lead drives the schedule using their best judgment based on severity, development time, and release manager feedback. If the Fix Lead is dealing with a Public Disclosure all timelines become ASAP.

There aren’t any published security advisories