Security: Do you need to be on the new Early Disclosure list?

14 views
Skip to first unread message

julz.f...@uk.ibm.com

unread,
Jun 14, 2021, 4:21:11 AMJun 14
to Knative Users
Hi Knative-users,

We've recently set up an Early Disclosure List [0] as part of our Vulnerability Management Process [1]. A quite small number of people should need to be on the list (this isn't something everyone needs to sign up to!); but if you:
  1. Have an actively monitored security email alias for Knative. This cannot be a personal email address, it must be a corporate address owned by your organization.
  2. Are involved in redistributing Knative or have a product with a close coupling to Knative.
  3. Have a user base not limited to your own organization.
  4. Are a participant and active contributor in the Knative community.
  5. Accept the Embargo Policy that is outlined at [0].
.. then you may want to join this list. If so, and for more details, please see https://github.com/knative/community/blob/main/working-groups/security/disclosure.md.


Thanks,
Julz on behalf of the Security Working Group

Reply all
Reply to author
Forward
0 new messages