This repository has been archived by the owner on Jun 28, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 308
(CII) Vulnerability Report Process #1031
Labels
kind/feedback
General feedback. Actionable items are converted to a different 'kind/*'
owner/community
Work executed by VMware community team
Milestone
Comments
pnbrown
added
kind/feature
A request for a new feature
triage/needs-triage
Needs triage by TCE maintainers
labels
Jul 12, 2021
Related is that we'll need some process for handling and notifying in the releases about patched CVEs. |
Guessing here, but much of what is done by a VMware project that has a CII badge can be reused here e.g. velero They have a CII badge and their answers to above questions can be found here: https://bestpractices.coreinfrastructure.org/en/projects/3811#reporting |
Jonas showed me the site for the security information. Will follow up there to get this one resolved. |
joshrosso
added
owner/community
Work executed by VMware community team
kind/feedback
General feedback. Actionable items are converted to a different 'kind/*'
and removed
triage/needs-triage
Needs triage by TCE maintainers
kind/feature
A request for a new feature
labels
Aug 12, 2021
Bumping this one. We can close out CII once this is completed. |
Did not mean to close this but it looks like it's also being tracked in #1319 |
Does the recent inclusion of SECURITY.md mean that we can close this issue? |
Yes |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
kind/feedback
General feedback. Actionable items are converted to a different 'kind/*'
owner/community
Work executed by VMware community team
Feature Request
There are three requirements in the vulnerability report process section. Do we have a plan for compliance?
Describe alternatives you've considered
N/A
Additional context
N/A
The text was updated successfully, but these errors were encountered: