Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Define and document the project security policy #499

Open
kevinpollet opened this issue Apr 15, 2020 · 0 comments
Open

Define and document the project security policy #499

kevinpollet opened this issue Apr 15, 2020 · 0 comments
Labels
area/documentation kind/enhancement a new or improved feature.
Milestone
next

Comments

@kevinpollet
Copy link
Member

kevinpollet commented Apr 15, 2020
edited
Loading

Proposal

At some point, Maesh will experience security issues. To handle them gracefully, we should document our security policy and define, at least:

  • How and where security vulnerabilities will be reported.
  • How to disclose a security vulnerability responsibly.

We should have a look at the GitHub Security policy feature and use the Traefik security policy as an example.
@kevinpollet kevinpollet added kind/enhancement a new or improved feature. and removed area/infrastructure labels Apr 22, 2020
@dtomcej dtomcej added this to the v1.3 milestone May 8, 2020
@kevinpollet kevinpollet modified the milestones: v1.3, v1.4 Jun 16, 2020
@kevinpollet kevinpollet modified the milestones: v1.4, next Sep 28, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/documentation kind/enhancement a new or improved feature.
Projects
None yet
Milestone
next
Development

No branches or pull requests
2 participants
@kevinpollet @dtomcej