summaryrefslogtreecommitdiffstats
path: root/SECURITY.md
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2019-11-28 04:53:29 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2019-11-28 04:53:29 +0000
commit17c93e2be4ad7b3af0cd6878bdd5d8a4a3e6da99 (patch)
tree3e0c96613972e8bb4afdeeb97a034806363ddfa9 /SECURITY.md
parentReleasing debian version 1.18.1-1. (diff)
downloadnetdata-17c93e2be4ad7b3af0cd6878bdd5d8a4a3e6da99.tar.xz
netdata-17c93e2be4ad7b3af0cd6878bdd5d8a4a3e6da99.zip
Merging upstream version 1.19.0.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'SECURITY.md')
-rw-r--r--SECURITY.md45
1 files changed, 0 insertions, 45 deletions
diff --git a/SECURITY.md b/SECURITY.md
deleted file mode 100644
index 4badf281..00000000
--- a/SECURITY.md
+++ /dev/null
@@ -1,45 +0,0 @@
-# Security Policy
-
-## Supported Versions
-
-| Version | Supported |
-|------- | --------- |
-| Latest | Yes |
-
-## Reporting a Vulnerability
-
-We’re extremely grateful for security researchers and users that report vulnerabilities to Netdata Open Source Community. All reports are thoroughly investigated by a set of community volunteers.
-
-To make a report, please create a post [here](https://groups.google.com/a/netdata.cloud/forum/#!newtopic/security) with
-the vulnerability details and the details expected for [all Netdata bug
-reports](https://github.com/netdata/netdata/blob/c1f4c6cf503995cd4d896c5821b00d55afcbde87/.github/ISSUE_TEMPLATE/bug_report.md).
-
-### When Should I Report a Vulnerability?
-
-- You think you discovered a potential security vulnerability in Netdata
-- You are unsure how a vulnerability affects Netdata
-- You think you discovered a vulnerability in another project that Netdata depends on (e.g. python, node, etc)
-
-### When Should I NOT Report a Vulnerability?
-
-- You need help tuning Netdata for security
-- You need help applying security related updates
-- Your issue is not security related
-
-### Security Vulnerability Response
-
-Each report is acknowledged and analyzed by Netdata Team members within 3 working days. This will set off a Security Release Process.
-
-Any vulnerability information shared with Netdata Team stays within Netdata project and will not be disseminated to other projects unless it is necessary to get the issue fixed.
-
-As the security issue moves from triage, to identified fix, to release planning we will keep the reporter updated.
-
-### Public Disclosure Timing
-
-A public disclosure date is negotiated by the Netdata team and the bug submitter. We prefer to fully disclose the bug as soon as possible once a user mitigation is available. It is reasonable to delay disclosure when the bug or the fix is not yet fully understood, the solution is not well-tested, or for vendor coordination. The timeframe for disclosure is from immediate (especially if it's already publicly known) to a few weeks. As a basic default, we expect report date to disclosure date to be on the order of 7 days. The Netdata team holds the final say when setting a disclosure date.
-
-### Security Announcements
-
-Every time a security issue is fixed in Netdata, we immediately release a new version of it. So, to get notified of all security incidents, please subscribe to our releases on github.
-
-[![analytics](https://www.google-analytics.com/collect?v=1&aip=1&t=pageview&_s=1&ds=github&dr=https%3A%2F%2Fgithub.com%2Fnetdata%2Fnetdata&dl=https%3A%2F%2Fmy-netdata.io%2Fgithub%2Fdocs%2FSECURITY&_u=MAC~&cid=5792dfd7-8dc4-476b-af31-da2fdb9f93d2&tid=UA-64295674-3)](<>)