author | Ian Lewis <ianlewis@google.com> | 2019-10-06 21:06:53 -0700 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2019-10-06 21:08:11 -0700 |
commit | 5ac2cc54918c480bd40ec3f05c9ce93a2d7afa99 (patch) | |
tree | 64c65dc49a8982b9357ea92a9398936081783042 | |
parent | f24c3188b5d57b370ff048c87420a7f56a48b5b8 (diff) |
Add SECURITY.md.
Adds minimal security policy info to SECURITY.md. This allows GitHub to
advertise the security policy doc for the repo.
See: https://github.blog/changelog/2019-05-23-security-policy/
See: https://help.github.com/en/articles/adding-a-security-policy-to-your-repository
PiperOrigin-RevId: 273214306
-rw-r--r-- | README.md | 7 |
-rw-r--r-- | SECURITY.md | 11 |
2 files changed, 13 insertions, 5 deletions
@@ -133,11 +133,9 @@ The [gvisor-users mailing list][gvisor-users-list] and [gvisor-dev mailing list][gvisor-dev-list] are good starting points for questions and discussion. -## Security +## Security Policy -Sensitive security-related questions, comments and disclosures can be sent to -the [gvisor-security mailing list][gvisor-security-list]. The full security -disclosure policy is defined in the [community][community] repository. +See [SECURITY.md](SECURITY.md). ## Contributing @@ -147,7 +145,6 @@ See [Contributing.md](CONTRIBUTING.md). [community]: https://gvisor.googlesource.com/community [docker]: https://www.docker.com [git]: https://git-scm.com -[gvisor-security-list]: https://groups.google.com/forum/#!forum/gvisor-security [gvisor-users-list]: https://groups.google.com/forum/#!forum/gvisor-users [gvisor-dev-list]: https://groups.google.com/forum/#!forum/gvisor-dev [oci]: https://www.opencontainers.org diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..154d68cb3 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,11 @@ +# Security and Vulnerability Reporting + +Sensitive security-related questions, comments, and reports should be sent to +the [gvisor-security mailing list][gvisor-security-list]. You should receive a +prompt response, typically within 48 hours. + +Policies for security list access, vulnerability embargo, and vulnerability +disclosure are outlined in the [community][community] repository. + +[community]: https://gvisor.googlesource.com/community +[gvisor-security-list]: https://groups.google.com/forum/#!forum/gvisor-security |
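Review bot: In the first README.md hunk (-133,11), the replacement line `See [SECURITY.md](SECURITY.md).` leaves the README with no statement that security reports go to a private list, so a reader who stops at the README has no cue to avoid a public channel. Consider keeping one sentence that says sensitive reports are sent privately, followed by the link to SECURITY.md for the details.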
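Review bot: In the second README.md hunk (-147,7), `[gvisor-security-list]` is removed but the `[community]` definition is kept, and the only use of `[community]` visible in this patch was in the Security paragraph deleted by the previous hunk. If nothing else in README.md references it, drop that definition in the same change so no unused link reference is left behind.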
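Review bot: In the new SECURITY.md, the first paragraph tells reporters to send mail to the list but `[gvisor-security-list]` resolves to a Google Groups forum URL, so the address to write to is never stated, and "typically within 48 hours" comes with no fallback if no reply arrives. Suggest giving the list's email address next to the link, asking reporters not to open a public issue for sensitive findings, and saying what to do when there is no response. The `[community]` link in the second paragraph points at the repository root; linking the specific policy document for list access, embargo and disclosure would save the reader a search.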