incident-disclosure: add Incident Disclosure and Notification policy #12
New policy to document our commitments to disclosing security incidents and the exact process for notifying users.
Co-authored-by: Maya Kaczorowski <15946341+mayakacz@users.noreply.github.com>
|
||
To notify users about security vulnerabilities, Tailscale will **email** affected tailnets’ administrators, with information specific to the tailnet, including specific users or nodes which are affected. These emails will be sent to the [security contact](https://tailscale.com/kb/1224/contact-preferences/#setting-the-security-issues-email) for the tailnet, which by default is the Owner of the tailnet. | ||
|
||
Occasionally, Tailscale may decide to notify users in additional ways about a security issue, such as by publishing a [blog post](https://tailscale.com/blog/), or with in-product notifications by putting a warning banner in the admin console. |
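Review bot: the first sentence says affected tailnets' administrators will be emailed, but the second says the email goes to the tailnet's security contact, which is a single address defaulting to the Owner; state whether every administrator is notified or only the security contact, so tailnets with several admins know who will receive the notice. It would also help to say what such an email will and will not ask recipients to do, so administrators can recognise a genuine notification.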
To avoid ruling out other kinds of in-product notifications, suggestion:
... in-product notifications (such as by putting...).
Up to you though.
@@ -26,7 +26,7 @@ All employees should watch for potentially suspicious activities, including: | |||
* Modification or defacement of websites | |||
* New open network ports on a system | |||
|
|||
Tailscale regularly reviews logs for detecting and tracking attempted intrusions and other suspicious activity. These include git, cloud, networking, SaaS tool, and other infrastructure logs. | |||
Tailscale regularly reviews logs for detecting and tracking attempted intrusions and other suspicious activity. These include git, cloud, networking, SaaS tool, and other infrastructure logs. |
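Review bot: "regularly reviews logs" on the changed line leaves the cadence unstated; consider saying whether review is continuous (automated alerting over the git, cloud, networking and SaaS sources listed) or periodic, and who owns it, since the bullet list above defines what to watch for but not how quickly a hit would be noticed.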
usage nit (up to you): "...reviews logs to detect and track..."
LGTM with suggestions.
Post-merge suggestions from #12 (review)