diff options
Diffstat (limited to '')
| -rw-r--r-- | SECURITY.md (renamed from docs/Netdata-Security-and-Disclosure-Information.md) | 26 |
1 files changed, 15 insertions, 11 deletions
diff --git a/docs/Netdata-Security-and-Disclosure-Information.md b/SECURITY.md index 8e8a66afc..f02968936 100644 --- a/docs/Netdata-Security-and-Disclosure-Information.md +++ b/SECURITY.md @@ -1,18 +1,18 @@ -# Netdata Security and Disclosure Information +# Security Policy -This page describes netdata security and disclosure information. +## Supported Versions -## Security Announcements +| Version | Supported | +| ------- | ------------------ | +| Latest | Yes | -Every time a security issue is fixed in netdata, we immediately release a new version of it. So, to get notified of all security incidents, please subscribe to our releases on github. - -## Report a Vulnerability +## Reporting a Vulnerability We’re extremely grateful for security researchers and users that report vulnerabilities to Netdata Open Source Community. All reports are thoroughly investigated by a set of community volunteers. -To make a report, please email the private [security@netdata.cloud](mailto:security@netdata.cloud) list with the security details and the details expected for [all netdata bug reports](../.github/ISSUE_TEMPLATE/bug_report.md). +To make a report, please create a post [here](https://groups.google.com/a/netdata.cloud/forum/#!newtopic/security) with the vulnerability details and the details expected for [all Netdata bug reports](.github/ISSUE_TEMPLATE/bug_report.md). -## When Should I Report a Vulnerability? +### When Should I Report a Vulnerability? - You think you discovered a potential security vulnerability in Netdata - You are unsure how a vulnerability affects Netdata @@ -24,7 +24,7 @@ To make a report, please email the private [security@netdata.cloud](mailto:secur - You need help applying security related updates - Your issue is not security related -## Security Vulnerability Response +### Security Vulnerability Response Each report is acknowledged and analyzed by Netdata Team members within 3 working days. This will set off a Security Release Process. @@ -32,8 +32,12 @@ Any vulnerability information shared with Netdata Team stays within Netdata proj As the security issue moves from triage, to identified fix, to release planning we will keep the reporter updated. -## Public Disclosure Timing +### Public Disclosure Timing A public disclosure date is negotiated by the Netdata team and the bug submitter. We prefer to fully disclose the bug as soon as possible once a user mitigation is available. It is reasonable to delay disclosure when the bug or the fix is not yet fully understood, the solution is not well-tested, or for vendor coordination. The timeframe for disclosure is from immediate (especially if it's already publicly known) to a few weeks. As a basic default, we expect report date to disclosure date to be on the order of 7 days. The Netdata team holds the final say when setting a disclosure date. -[]() +### Security Announcements + +Every time a security issue is fixed in Netdata, we immediately release a new version of it. So, to get notified of all security incidents, please subscribe to our releases on github. + +[]() |