Skip to content

Security: kravciak/kubewarden-controller

Security

SECURITY.md

Security policy

The Kubewarden team greatly appreciates investigative work into security vulnerabilities carried out by well-intentioned, ethical security researchers. We follow the practice of responsible disclosure to protect Kubewarden's user-base from the impact of security issues. For us, this means:

  • We respond to security incidents on priority.
  • We release fixes for issues as soon as is practical, keeping in mind that not all risks are equal.
  • We always transparently let the community know about any incident that affects them.

If you have found a security vulnerability in Kubewarden, please disclose it responsibly by emailing [email protected]. Please don't discuss potential vulnerabilities in public without validating with us first.

On receipt of a security incident report we:

  • Review the report, verify the vulnerability and respond with a confirmation or requests for further information.
  • Once the reported security bug has been addressed we tell the Researcher, who is then welcome to disclose publicly if they wish.

There aren’t any published security advisories