mirror of https://github.com/dexidp/dex.git
1 changed files with 24 additions and 0 deletions
@ -0,0 +1,24 @@
# Security Policy

## Reporting a vulnerability

To report a vulnerability, send an email to [cncf-dex-maintainers@lists.cncf.io](mailto:cncf-dex-maintainers@lists.cncf.io)
detailing the issue and steps to reproduce. The reporter(s) can expect a
response within 48 hours acknowledging the issue was received. If a response is
not received within 48 hours, please reach out to any maintainer directly
to confirm receipt of the issue.

## Review Process

Once a maintainer has confirmed the relevance of the report, a draft security
advisory will be created on Github. The draft advisory will be used to discuss
the issue with maintainers, the reporter(s).
If the reporter(s) wishes to participate in this discussion, then provide
reporter Github username(s) to be invited to the discussion. If the reporter(s)
does not wish to participate directly in the discussion, then the reporter(s)
can request to be updated regularly via email.

If the vulnerability is accepted, a timeline for developing a patch, public
disclosure, and patch release will be determined. The reporter(s) are expected
to participate in the discussion of the timeline and abide by agreed upon dates
for public disclosure.
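Review bot: the only reporting channel in the "Reporting a vulnerability" section is a plain mailto link with no PGP key fingerprint or other encrypted path, so a reporter has no way to send reproduction steps for an unpatched issue confidentially; consider publishing a key next to the address or also pointing at GitHub's private vulnerability reporting for the repository, which would feed straight into the draft advisory the "Review Process" section already relies on. Two smaller points in the same hunk: "please reach out to any maintainer directly" gives no pointer to where the maintainer list lives, and "discuss the issue with maintainers, the reporter(s)." is missing an "and" (also, "Github" should be spelled "GitHub" in both places).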