From 2563de3b9be92e9d4b97e9bfe33cde9dae0c0930 Mon Sep 17 00:00:00 2001 From: Henrik Blixt Date: Wed, 2 Feb 2022 15:29:49 -0800 Subject: [PATCH] chore:Updating security.md (#1588) Signed-off-by: Henrik Blixt Signed-off-by: Julie Vogelman --- SECURITY.md | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 4ce401fefe..33f46a42c4 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,15 +1,22 @@ -# Security +# Security policy for Argo Events -## Reporting Vulnerabilities +## Reporting a Vulnerability -Please report security vulnerabilities by e-mailing: +If you find a security related bug in Argo Events, we kindly ask you for responsible +disclosure and for giving us appropriate time to react, analyze and develop a +fix to mitigate the found security vulnerability. -* [Alex_Collins@intuit.com](mailto:Alex_Collins@intuit.com) -* [Edward_Lee@intuit.com](mailto:Edward_Lee@intuit.com) +Please report vulnerabilities by e-mail to the following address: + +* cncf-argo-security@lists.cncf.io + +All vulnerabilites and associated information will be treated with full confidentiality. ## Public Disclosure -Security vulnerabilities will be disclosed via [release notes](docs/releasing.md). +Security vulnerabilities will be disclosed via [release notes](docs/releasing.md) and using the +[GitHub Security Advisories](https://github.com/argoproj/argo-events/security/advisories) +feature to keep our community well informed, and will credit you for your findings (unless you prefer to stay anonymous, of course). ## Vulnerability Scanning
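Review bot: The added line "+All vulnerabilites and associated information will be treated with full confidentiality." under "Reporting a Vulnerability" misspells "vulnerabilities". In the same section, "appropriate time to react, analyze and develop a fix" gives the reporter no concrete expectation; consider stating an acknowledgement window and a target timeline for a fix or disclosure. The confidentiality promise also sits next to a mailing-list address (cncf-argo-security@lists.cncf.io), so it would help to say who receives mail sent to that list and whether it is privately archived. Under "Public Disclosure", the new sentence reads as if the vulnerabilities "will credit you"; suggest "and we will credit you for your findings" so the subject is the maintainers.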