From 37157de4d661e5d40f95544ad16262698e2311e1 Mon Sep 17 00:00:00 2001 From: Alexander Maslennikov Date: Wed, 5 Feb 2025 10:40:40 +0100 Subject: [PATCH] Create SECURITY.md Signed-off-by: Alexander Maslennikov --- SECURITY.md | 47 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..6b8f20cc --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,47 @@ +# Security Policy + +Thank you for helping improve the security of the NVIDIA Network Operator project. We take security very seriously and appreciate your efforts to responsibly disclose any vulnerabilities you may discover. + +## Supported Versions + +We currently maintain and support security updates for the latest stable release of the network-operator. Please refer to the [release notes](https://docs.nvidia.com/networking/software/cloud-orchestration/index.html) for details on the supported versions. If you are using an older release, we encourage you to upgrade to the latest secure version as soon as possible. + +## Reporting a Vulnerability + +If you believe you have found a security vulnerability in this project, please follow these steps to report it responsibly: + +1. **Gather Details:** + Include a clear and concise description of the vulnerability, including: + - Affected versions. + - Detailed steps to reproduce the issue. + - An assessment of the potential impact. + - Any proof-of-concept or sample exploit code (if available). + +2. **Send a Report:** + Please send the details via email to our security team at: + **nvidia-network-operator-support@nvidia.com** + Use a subject line similar to: + `Security Vulnerability Report: [Brief Description]` + +3. **Follow Up:** + After your report is received, we will work with you to understand and resolve the issue. We request that you do not publicly disclose the vulnerability until we have had an opportunity to address it. + +## Responsible Disclosure + +We adhere to responsible disclosure practices: +- **Confidentiality:** Your report will be kept confidential until a fix or mitigation is in place. +- **Coordination:** We will coordinate with you on any public disclosure once a resolution has been implemented. +- **Attribution:** With your permission, we may attribute the vulnerability report in our security advisory. 
+ +## Security Updates + +Once a vulnerability is confirmed and a fix is developed: +- A security advisory will be published detailing the nature of the vulnerability, its impact, and instructions on how to update to a secure release. +- We strongly encourage all users to upgrade to the latest version once a patch is available. + +## Contact + +For questions related to this policy or any security concerns, please reach out to our team at: +**nvidia-network-operator-support@nvidia.com** + +Thank you for your cooperation and commitment to keeping the NVIDIA Network Operator secure.
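Review bot: In step 2 of "Reporting a Vulnerability", reports that step 1 says may contain proof-of-concept or sample exploit code are sent by plain email to nvidia-network-operator-support@nvidia.com, which is also the address the "Contact" section gives for policy questions, and the policy offers no encrypted or access-restricted channel. Consider a dedicated security alias with a published PGP key, or a private advisory intake, so that exploit details are not handled in a mailbox named for support. Step 3 ("Follow Up") commits to no acknowledgement or disclosure timeframe; stating an expected time to first response would tell reporters how long to wait before following up. "Supported Versions" points to a release-notes link ending in `index.html` rather than naming the supported versions, so a reader cannot tell from this file whether their release receives fixes.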