Skip to content

Security: bf2fc6cc711aee1a0c2a/cos-sre-sops

Security

SECURITY.md

Security policy

The bf2fc6cc711aee1a0c2a team and community take all security bugs very seriously. You can find our guidelines here regarding our policy and security disclosure.

Reporting security issues

Please report any security issues to Red Hat's Product Security team directly, by following the instructions here:

https://access.redhat.com/security/team/contact/

Ecosystem

bf2fc6cc711aee1a0c2a is built on top of many other open source projects (like Strimzi, Apache Kafka, OpenShift, Quarkus, and more!), most of them not under the direct responsibility of the bf2fc6cc711aee1a0c2a team. If you find a security bug possibly rooted in one of these projects; you can either disclose the issue to them directly, or disclose it to Red Hat's Product Security team (following the above-linked process) and they will responsibly disclose the issue to the respective project maintainer.

Why follow this process?

Due to the sensitive nature of security bugs, the disclosure process is more constrained than a regular bug. We appreciate you following these industry accepted guidelines, which gives time for a proper fix and limit the time window of attack.

There aren’t any published security advisories