This is unreleased documentation for Policy Manager 1.26-next.
Security disclosure
The SUSE® Rancher Prime: Admission Policy Manager (Kubewarden) team appreciates investigative work on security vulnerabilities carried out by well-intentioned, ethical security researchers. SUSE Admission Policy Manager follows the practice of [responsible disclosure](https://en.wikipedia.org/wiki/Responsible_disclosure) to best protect SUSE Admission Policy Manager’s user base from the impact of security issues. On SUSE Admission Policy Manager’s side, this means:
- SUSE Admission Policy Manager responds to security incidents with priority.
- SUSE Admission Policy Manager releases fixes for issues as soon as is practical, prioritizing by risk.
- SUSE Admission Policy Manager always transparently lets the community know about any incident that affects them.
If you have found a security vulnerability in SUSE Admission Policy Manager, the easiest way to report it is through the Security tab on GitHub. This mechanism allows maintainers to communicate privately with you, and you don’t need to encrypt your messages.
Alternatively, you can disclose it responsibly by emailing [email protected] in an unencrypted message. Please don’t discuss potential vulnerabilities in public without validating with us first.
You can also come talk in our Slack room on the Kubernetes Slack server.
On receipt, the security team:
- Reviews the report, verifies the vulnerability, and responds with confirmation and/or further information requests.
- After addressing the reported security bug, notifies the researcher, who is then welcome to optionally disclose publicly.
Please refer to the community repository to find out more about the project Governance and Security Policy.