chore: update SECURITY.md from global .github repo Signed-off-by: microcks-bot <info@microcks.io> #48

Merged
20 changes: 18 additions & 2 deletions SECURITY.md
Expand Up @@ -2,6 +2,22 @@

## Reporting a Vulnerability

If you've found a vulnerability in our components or website, or want additional information regarding how we manage security, please report it via a [GitHub discussion](https://github.com/microcks/microcks/discussions).
If you've found a vulnerability in our components or website or want additional information regarding how we manage security, please report it via a [GitHub discussion](https://github.com/microcks/microcks/discussions).

In case you do not want to publicly report a security issue for one of the libraries owned by the Microcks community, write an email with a detailed description of the issue to security@microcks.io.
If you do not want to publicly report a security issue for one of the libraries owned by the Microcks community, write an email with a detailed description of the issue to security@microcks.io.

## Public Disclosure Timing

We prefer to fully disclose the bug as soon as possible once a user mitigation is available. The Fix Lead drives the schedule using their best judgment based on severity, development time, and release manager feedback. If the Fix Lead deals with public disclosure, all timelines will be set as soon as possible (ASAP).

## Supported Versions

Microcks releases follow the [semver](https://semver.org/) specification. Security fixes are typically merged into the current development branch and are due for release in the next minor version. We may create a fix release upon request or, if deemed necessary, as part of a critical security fix.

## Security Team

The security team is made up of a subset of the project [maintainers](https://github.com/microcks/.github/blob/main/GOVERNANCE.md#maintainers-code-owners-contributors-and-adopters) and [code owners](https://github.com/microcks/.github/blob/main/GOVERNANCE.md#maintainers-code-owners-contributors-and-adopters) who are willing and able to respond to vulnerability reports.

## Credits

Sections of this document have been borrowed and inspired from the [OpenEBS](https://github.com/openebs/community/blob/72506ee3b885bd06324b82a650fcd3a61e93eef0/SECURITY.md) project.
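
Review bot: The "Reporting a Vulnerability" paragraph still sends reporters to a public GitHub discussion first and offers security@microcks.io only as the fallback, so an unfixed issue can be described in the open before the security team has seen it. That sits poorly with the new "Public Disclosure Timing" section, which prefers disclosure once a user mitigation is available. Consider making the private email the default channel for vulnerability reports and keeping discussions for general questions about how security is managed. In the same hunk, "Fix Lead" appears in "Public Disclosure Timing" without a definition or a link to the "Security Team" section, and "all timelines will be set as soon as possible (ASAP)" gives a reporter no acknowledgement or response window; a one-line definition and a concrete target would help. Minor wording: "borrowed and inspired from" in Credits reads better as "borrowed from and inspired by".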