Skip to content

Security: askervin/nri-plugins

Security

SECURITY.md

Security and Disclosure Information Policy for the NRI Plugins Project

Reporting a Vulnerability

If you think you've identified a security issue in a NRI Plugins project, please DO NOT report the issue publicly via the Github issue tracker, mailing list, or IRC. Instead, send an email with as many details as possible to cncf-crio-security@lists.cncf.io or security@containerd.io.

Please do not create a public issue.

Security Announcements

The containerd-security-announce@lists.cncf.io email list is used for messages about plugins security announcements as well as general announcements and discussions.

Security Vulnerability Response

Each report is acknowledged and analyzed by the core maintainers within 3 working days.

Any vulnerability information shared with core maintainers stays within the project and will not be disseminated to other projects unless it is necessary to get the issue fixed.

As the security issue moves from triage, to an identified fix, to release planning, the core maintainers will keep the reporter updated.

There aren’t any published security advisories