github.com/jaypipes/ghw@v0.21.1/SECURITY.md

# Security Policy

We take security vulnerabilities seriously (and so should you!)

Our policy on reported vulnerabilities (see below on how to report) is that we will
respond to the reporter of a vulnerability within two (2) business days of receiving
the report and notify the reporter whether and when a remediation will be committed.

When a remediation for a security vulnerability is committed, we will cut a tagged
release of `ghw` and include in the release notes for that tagged release a description
of the vulnerability and a discussion of how it was remediated, along with a note
urging users to update to that fixed version.

## Reporting a Vulnerability

While `ghw` does have automated GitHub Dependabot alerts about security vulnerabilities
in `ghw`'s dependencies, there is always a chance that a vulnerability in a dependency
goes undetected by Dependabot. If you are aware of a vulnerability either in `ghw` or
one of its dependencies, please do not hesitate to reach out to `ghw` maintainers via
email or Slack. **Do not discuss vulnerabilities in a public forum**.

`ghw`'s primary maintainer is Jay Pipes, who can be found on the Kubernetes Slack
community as `@jaypipes` and reached via email at jaypipes at gmail dot com.