Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add security policy as per requirements
Showing 1 changed file with 47 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
# Security Policy | ||
|
||
Thank you for helping improve the security of the NVIDIA Network Operator project. We take security very seriously and appreciate your efforts to responsibly disclose any vulnerabilities you may discover. | ||
|
||
## Supported Versions | ||
|
||
We currently maintain and support security updates for the latest stable release of the network-operator. Please refer to the [release notes](https://docs.nvidia.com/networking/software/cloud-orchestration/index.html) for details on the supported versions. If you are using an older release, we encourage you to upgrade to the latest secure version as soon as possible. | ||
|
||
## Reporting a Vulnerability | ||
|
||
If you believe you have found a security vulnerability in this project, please follow these steps to report it responsibly: | ||
|
||
1. **Gather Details:** | ||
Include a clear and concise description of the vulnerability, including: | ||
- Affected versions. | ||
- Detailed steps to reproduce the issue. | ||
- An assessment of the potential impact. | ||
- Any proof-of-concept or sample exploit code (if available). | ||
|
||
2. **Send a Report:** | ||
Please send the details via email to our security team at: | ||
**[email protected]** | ||
Use a subject line similar to: | ||
`Security Vulnerability Report: [Brief Description]` | ||
|
||
3. **Follow Up:** | ||
After your report is received, we will work with you to understand and resolve the issue. We request that you do not publicly disclose the vulnerability until we have had an opportunity to address it. | ||
|
||
## Responsible Disclosure | ||
|
||
We adhere to responsible disclosure practices: | ||
- **Confidentiality:** Your report will be kept confidential until a fix or mitigation is in place. | ||
- **Coordination:** We will coordinate with you on any public disclosure once a resolution has been implemented. | ||
- **Attribution:** With your permission, we may attribute the vulnerability report in our security advisory. | ||
|
||
## Security Updates | ||
|
||
Once a vulnerability is confirmed and a fix is developed: | ||
- A security advisory will be published detailing the nature of the vulnerability, its impact, and instructions on how to update to a secure release. | ||
- We strongly encourage all users to upgrade to the latest version once a patch is available. | ||
|
||
## Contact | ||
|
||
For questions related to this policy or any security concerns, please reach out to our team at: | ||
**[email protected]** | ||
|
||
Thank you for your cooperation and commitment to keeping the NVIDIA Network Operator secure. |
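
Review bot: The "Follow Up" step under "Reporting a Vulnerability" asks reporters not to disclose "until we have had an opportunity to address it", but the policy states no acknowledgement time and no upper bound on the coordination period, so the embargo is open-ended. Consider stating when a reporter can expect a first response and the maximum time before coordinated disclosure. In "Send a Report", email is the only channel offered, while step 1 asks for proof-of-concept or sample exploit code. Consider adding an encrypted option, such as a published PGP key or a private reporting form, so those details are not sent in the clear. "Supported Versions" says only "the latest stable release" and links to a documentation index rather than to a release-notes page. Naming the supported release line, or linking directly to it, would let a reporter fill in "Affected versions" without guessing.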