Responsible Disclosure Policy
If you discover a security vulnerability, the Spinnaker Security SIG would like to know about it. The quicker we know, the quicker we can take steps to address the issue. We ask that you not publicly disclose the vulnerability until we have had the chance to investigate and determine the impact.
How to report a security vulnerability in Spinnaker?
If you believe that you have found a security vulnerability in Spinnaker, please email email@example.com to report the issue. Include the following in the report:
- Description of the vulnerability
- Potential impact of the vulnerability
- A detailed description of how to reproduce the vulnerability (including scripts, screenshots, etc)
Security SIG Roadmap
Security SIG Roadmap defines the work that we want to do for 2019.