istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add more details to security disclosure page (#8228) 

* Add more details to security disclosure page

Attempt to get people to stop publicly filing security vulns in github

* Update content/en/about/security-vulnerabilities/index.md

Co-authored-by: Francois Pesce <fpesce@google.com>

* Update content/en/about/security-vulnerabilities/index.md

Co-authored-by: Neeraj Poddar <nrjpoddar@gmail.com>

Co-authored-by: Francois Pesce <fpesce@google.com>
Co-authored-by: Neeraj Poddar <nrjpoddar@gmail.com>
This commit is contained in:
John Howard 2020-09-30 09:08:15 -07:00 committed by GitHub
parent b9c31e1352
commit 265500101f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
content/en/about/security-vulnerabilities/index.md
View File

@ -25,6 +25,11 @@ Send us a report whenever you:
- Think a vulnerability is present in another project that Istio
depends on. For example, Envoy, Docker, or Kubernetes.
When in doubt, please disclose privately. This includes, but is not limited to:
* Any crash, especially in Envoy
* Any security policy (like Authentication or Authorization) bypass or weakness
* Any potential Denial of Service (DoS)
### When not to report a security vulnerability?
Don't send a vulnerability report if: