Do you have a Secure Development Lifecycle (SDL) in place that includes a vulnerability management process and timely closure of vulnerabilities?

[ericashi]

Component(s)

No response

Describe the issue you're reporting

Hi,

I am currently doing a security checking based on my company's policy. Following is the question I was requested to ask.

Do you have a Secure Development Lifecycle (SDL) in place that includes a vulnerability management process and timely closure of vulnerabilities?

Thank you.

Best Regards,
Erica Ooi

[ericashi]

Hi,

May I follow-up on this question, please?

Thank you.

Best Regards,
Erica Ooi

[ericashi]

Hi,

May I follow-up on this question, please?

Thank you.

Best Regards,
Erica Ooi

[ericashi]

Hi,

May I follow-up on this question, please?

Thank you.

Best Regards,
Erica Ooi

[ericashi]

Hi,

May I follow-up on this question, please?

Thank you.

Best Regards,
Erica Ooi

[ericashi]

Hi,

May I know do you have a Secure Development Lifecycle (SDL) in place that includes a vulnerability management process and timely closure of vulnerabilities?

Thank you.

Best Regards,
Erica

[ericashi]

Hi,

May I kindly request to follow up on this particular item? Your attention to this matter is greatly appreciated, and I would be grateful for an answer you can provide.

Thank you for your kind consideration, and I look forward to hearing from you soon.

Best Regards,
Erica Ooi

[bryan-aguilar]

Hi @ericashi, would you be able to attend a Collector SIG meeting to ask these questions? I think collector maintainers may be the best ones to answer this. Our SIG meeting schedule can be found here. \

cc: @open-telemetry/collector-contrib-maintainer

[codeboten]

@ericashi the Security SIG is putting together a recommendation for the OpenTelemetry org. There's a PR here: https://github.com/open-telemetry/sig-security/pull/18/files

Please take a look at leave comments on that pull request.

[ericashi]

Hi @codeboten and @bryan-aguilar ,

I sincerely appreciate you taking the time to provide information on this matter.

Best Regards,
Erica Ooi