From e908e1c58832946f2e86bf33890e5009ff4f2b75 Mon Sep 17 00:00:00 2001 From: Michael Michael Date: Thu, 19 Sep 2019 15:29:27 -0700 Subject: [PATCH] Update SECURITY.md updating to include cncf lists for public disclosure Signed-off-by: Michael Michael michmike@cs.stanford.edu --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 4d7d49740..dae00e67c 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -51,7 +51,7 @@ The Harbor Security Team will respond to vulnerability reports as follows: 8. Once the fix is confirmed, the Security Team will patch the vulnerability in the next patch or minor release, and backport a patch release into all earlier supported releases. ### Fix Disclosure Process -The Security Team publishes an [advisory](https://github.com/goharbor/harbor/security/advisories) to the Harbor community via GitHub. In most cases, additional communication via Slack, Twitter, blog and other channels will assist in educating Harbor users and rolling out the patched release to affected users. +The Security Team publishes an [advisory](https://github.com/goharbor/harbor/security/advisories) to the Harbor community via GitHub. In most cases, additional communication via Slack, Twitter, CNCF lists, blog and other channels will assist in educating Harbor users and rolling out the patched release to affected users. The Security Team will also publish any mitigating steps users can take until the fix can be applied to their Harbor instances.