From 5b64f2112ddb409c05a7a4e9f02f305c60b1f5d8 Mon Sep 17 00:00:00 2001 From: EndlessSeeker <1766508902@qq.com> Date: Tue, 28 Apr 2026 16:24:10 +0800 Subject: [PATCH] docs: add ASRC as supplementary vulnerability reporting channel in SECURITY.md Change-Id: I52297cb7169a9997be08e8d4c69db599113d960a Co-developed-by: Kiro Signed-off-by: EndlessSeeker <1766508902@qq.com> --- SECURITY.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 123d56692..ab34736f5 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -17,12 +17,18 @@ your contributions. **Please do NOT report security vulnerabilities through public GitHub issues, discussions, or pull requests.** -Instead, please report them through one of the following private channels: +Instead, please report them through one of the following private channels +(choose either one): - **GitHub Private Security Advisory**: - **Email**: [higress@googlegroups.com](mailto:higress@googlegroups.com) +In addition, we recommend also reporting the vulnerability to the +[Alibaba Security Response Center (ASRC)](https://security.alibaba.com/), +as Higress is widely deployed on Alibaba Cloud infrastructure. Reporting to +ASRC helps ensure timely patching for cloud-hosted deployments. + Please include as much of the following information as possible to help us triage and address the issue:
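Review bot: The added ASRC paragraph after the Email bullet does not say whether a report filed with ASRC reaches the Higress maintainers, so a reporter could file only there and assume the project has been notified. State explicitly that ASRC is supplementary, for example "Reporting to ASRC does not replace one of the channels above." Because the paragraph asks reporters to share unpatched details with a second party, it should also say who coordinates embargo and disclosure timing between the two, and whether the reporter should reference the GitHub advisory in the ASRC submission to avoid duplicate triage. The link points at the general portal `https://security.alibaba.com/` with no hint of how to mark a report as Higress-related; a sentence on that would help. Minor wording: "(choose either one)" repeats "one of the following", and "we recommend also reporting" reads better as "we also recommend reporting".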