Add SECURITY.md.
Adds minimal security policy info to SECURITY.md. This allows Github to advertise the security policy doc for the repo. See: https://github.blog/changelog/2019-05-23-security-policy/ See: https://help.github.com/en/articles/adding-a-security-policy-to-your-repository PiperOrigin-RevId: 273214306
This commit is contained in:
parent
f24c3188b5
commit
5ac2cc5491
|
@ -133,11 +133,9 @@ The [gvisor-users mailing list][gvisor-users-list] and
|
||||||
[gvisor-dev mailing list][gvisor-dev-list] are good starting points for
|
[gvisor-dev mailing list][gvisor-dev-list] are good starting points for
|
||||||
questions and discussion.
|
questions and discussion.
|
||||||
|
|
||||||
## Security
|
## Security Policy
|
||||||
|
|
||||||
Sensitive security-related questions, comments and disclosures can be sent to
|
See [SECURITY.md](SECURITY.md).
|
||||||
the [gvisor-security mailing list][gvisor-security-list]. The full security
|
|
||||||
disclosure policy is defined in the [community][community] repository.
|
|
||||||
|
|
||||||
## Contributing
|
## Contributing
|
||||||
|
|
||||||
|
@ -147,7 +145,6 @@ See [Contributing.md](CONTRIBUTING.md).
|
||||||
[community]: https://gvisor.googlesource.com/community
|
[community]: https://gvisor.googlesource.com/community
|
||||||
[docker]: https://www.docker.com
|
[docker]: https://www.docker.com
|
||||||
[git]: https://git-scm.com
|
[git]: https://git-scm.com
|
||||||
[gvisor-security-list]: https://groups.google.com/forum/#!forum/gvisor-security
|
|
||||||
[gvisor-users-list]: https://groups.google.com/forum/#!forum/gvisor-users
|
[gvisor-users-list]: https://groups.google.com/forum/#!forum/gvisor-users
|
||||||
[gvisor-dev-list]: https://groups.google.com/forum/#!forum/gvisor-dev
|
[gvisor-dev-list]: https://groups.google.com/forum/#!forum/gvisor-dev
|
||||||
[oci]: https://www.opencontainers.org
|
[oci]: https://www.opencontainers.org
|
||||||
|
|
|
@ -0,0 +1,11 @@
|
||||||
|
# Security and Vulnerability Reporting
|
||||||
|
|
||||||
|
Sensitive security-related questions, comments, and reports should be sent to
|
||||||
|
the [gvisor-security mailing list][gvisor-security-list]. You should receive a
|
||||||
|
prompt response, typically within 48 hours.
|
||||||
|
|
||||||
|
Policies for security list access, vulnerability embargo, and vulnerability
|
||||||
|
disclosure are outlined in the [community][community] repository.
|
||||||
|
|
||||||
|
[community]: https://gvisor.googlesource.com/community
|
||||||
|
[gvisor-security-list]: https://groups.google.com/forum/#!forum/gvisor-security
|
Loading…
Reference in New Issue