Security: Do you need to be on the new Early Disclosure list?

14 views

Skip to first unread message

julz.f...@uk.ibm.com

unread,

Jun 14, 2021, 4:21:11 AM6/14/21

to Knative Users

Hi Knative-users,

We've recently set up an Early Disclosure List [0] as part of our Vulnerability Management Process [1]. A quite small number of people should need to be on the list (this isn't something everyone needs to sign up to!); but if you:

Have an actively monitored security email alias for Knative. This cannot be a personal email address, it must be a corporate address owned by your organization.
Are involved in redistributing Knative or have a product with a close coupling to Knative.
Have a user base not limited to your own organization.
Are a participant and active contributor in the Knative community.
Accept the Embargo Policy that is outlined at [0].

.. then you may want to join this list. If so, and for more details, please see https://github.com/knative/community/blob/main/working-groups/security/disclosure.md.

[0]: https://github.com/knative/community/blob/main/working-groups/security/disclosure.md

[1]: https://github.com/knative/community/blob/main/working-groups/security/responding.md

Thanks,

Julz on behalf of the Security Working Group

Reply all

Reply to author

Forward

0 new messages