Kubernetes Security Release Process and Security Committee documentation.
To report a vulnerability, please refer to https://kubernetes.io/security.
The Security Response Committee (SRC) is responsible for triaging and handling security issues for Kubernetes. The current Security Response Committee members are:
- CJ Cullen (@cjcullen) <cjcullen@google.com>
- Craig Ingram (@cji) <cjingram@google.com>
- Joel Smith (@joelsmith) <joelsmith@redhat.com> [4096R/0x1688ADC79BECDDAF]
- Micah Hausler (@micahhausler) <mhausler@amazon.com>
- Mo Khan (@enj) <i@monis.app>
- Rita Zhang (@ritazh) <rita.z.zhang@gmail.com>
- Sri Saran Balaji (@SaranBalaji90) <srajakum@amazon.com>
- Tabitha Sable (@tabbysable) <tabitha.c.sable@gmail.com>
There are a number of contact points for the SRC and release managers in charge of security releases. Please use the correct forum for the best and fastest response.
| List or Group | Visibility | Uses |
|---|---|---|
| security@kubernetes.io | Private | Kubernetes security disclosures. This list is closely monitored and triaged by the SRC. See the disclosure guide for full details. |
| kubernetes-security-discuss Google Group | Public | Discussion about security disclosure handling, this document, and other updates. |
| release-managers-private@kubernetes.io | Private | Release Managers private discussion. All members are subscribed to security@kubernetes.io. |
| security-discuss-private@kubernetes.io | Private | SRC private discussion. All members are subscribed to security@kubernetes.io. |
Learn how to engage with the Kubernetes community on the community page.
Participation in the Kubernetes community is governed by the Kubernetes Code of Conduct.