This repository has been archived by the owner on May 13, 2024. It is now read-only.
SECURITY.md

ErieCanal Security Policies and Procedures

This document outlines security procedures and general policies for the ErieCanal open source project as found on https://github.com/flomesh-io/ErieCanal.

Reporting a Vulnerability

IMPORTANT: Please do not open public issues on GitHub for security vulnerabilities

The ErieCanal team and community take all security vulnerabilities seriously. Thank you for improving the security of our open source software. We appreciate your efforts and responsible disclosure and will make every effort to acknowledge your contributions.

Report security vulnerabilities by emailing the ErieCanal security team at:

Please provide the following:

  • Individual's identity and organization
  • Detailed description of the issue and the consequences of the vulnerability
  • Estimation of the attack surface
  • 3rd party software, if any, used with ErieCanal
  • Detailed steps to reproduce the issue

A maintainer will acknowledge your email and send a detailed response within 3 business days indicating the next steps in handling your report. After the initial reply to your report, the team will endeavor to keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.


When To Send A Report

If you think you have found a vulnerability in an ErieCanal project.

Report potential security issues, or known security issues in third-party modules, by opening a GitHub Issue.

When Not To Send A Report

  • For guidance on securing ErieCanal, please open a GitHub Issue or reach out on the ErieCanal Slack channel within the Flomesh Slack
  • For guidance on applying security updates

Disclosure Policy

When the team receives a security bug report, they will assign it to someone to be a primary handler. This person will coordinate the fix and release process, involving the following steps:

  • Confirm the problem and determine the affected versions.
  • Audit code to find any potential similar problems.
  • Prepare fixes for all releases still under maintenance. These fixes will be released as fast as possible.