envoyproxy / gateway

Manages Envoy Proxy as a Standalone or Kubernetes-based Application Gateway
https://gateway.envoyproxy.io
Apache License 2.0

Establish processes for security issue reporting, evaluation, fix release #2924

Open guydc opened 3 months ago

guydc commented 3 months ago

Description: Projects like Envoy Proxy have a robust process for vulnerability management, outlined here.

Envoy Gateway should establish similar processes, communication channels, responsibilities, SLOs, etc.

Additionally, Envoy Gateway security representatives should strive to join the Envoy Proxy private distributor list, to ensure early disclosure of vulnerabilities and proper preparation for fix releases.

github-actions[bot] commented 2 months ago

This issue has been automatically marked as stale because it has not had activity in the last 30 days.

github-actions[bot] commented 2 weeks ago

This issue has been automatically marked as stale because it has not had activity in the last 30 days.