kubevirt.io/api@v1.2.0/SECURITY.md (about) 1 # Security Policy 2 3 ## Reporting a Vulnerability 4 5 The KubeVirt project treats security vulnerabilities seriously, so we 6 strive to take action quickly when required. 7 8 The project requests that security issues be disclosed in a responsible 9 manner to allow adequate time to respond. If a security issue or 10 vulnerability has been found, please disclose the details to our 11 dedicated email address: 12 13 cncf-kubevirt-security@lists.cncf.io 14 15 Please include as much information as possible with the report. The 16 following details assist with analysis efforts: 17 - Description of the vulnerability 18 - Affected component (version, commit, branch etc) 19 - Affected code (file path, line numbers) 20 - Exploit code 21 22 Any confidential information disclosed to the security team will be 23 handled appropriately to prevent misuse or accidental disclosure. 24 25 ## Security Notices 26 27 Security notices will be sent to the kubevirt-dev@googlegroups.com 28 mailing list and published to the 29 [Security Advisories](https://github.com/kubevirt/kubevirt/security/advisories) 30 page. 31 32 ## Security Team 33 34 The security team currently consists of the Maintainers of KubeVirt and is 35 supported by security teams of involved vendors. 36 37 List of involved vendor security teams: 38 - Red Hat <secalert@redhat.com> 39 - SUSE <security@suse.de> 40 41 ## Alternate Reporting Mechanism 42 43 If you are unable to report the vulnerability to the dedicated email address, you can use the [GitHub vulnerability report mechanism](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability).