docs: update SECURITY.md and CODE_OF_CONDUCT.md reporting channels

- SECURITY.md: require reporting to both GitHub Private Security Advisory
  and ASRC, remove email channel
- CODE_OF_CONDUCT.md: unify reporting to CNCF CoC Committee (conduct@cncf.io),
  add reference to CNCF Incident Resolution Procedures

Change-Id: I771880e9c488247f015dda4ecb0dac95be29fef1
Co-developed-by: Kiro <noreply@kiro.dev>
Signed-off-by: EndlessSeeker <1766508902@qq.com>
EndlessSeeker
2026-04-28 16:45:35 +08:00
parent 5b64f2112d
commit fa9c096a7d
2 changed files with 15 additions and 17 deletions


@@ -17,17 +17,12 @@ your contributions.
**Please do NOT report security vulnerabilities through public GitHub issues,
discussions, or pull requests.**
Instead, please report them through one of the following private channels
(choose either one):
Instead, please report them through **both** of the following private channels:
- **GitHub Private Security Advisory**:
<https://github.com/higress-group/higress/security/advisories/new>
- **Email**: [higress@googlegroups.com](mailto:higress@googlegroups.com)
In addition, we recommend also reporting the vulnerability to the
[Alibaba Security Response Center (ASRC)](https://security.alibaba.com/),
as Higress is widely deployed on Alibaba Cloud infrastructure. Reporting to
ASRC helps ensure timely patching for cloud-hosted deployments.
1. **GitHub Private Security Advisory**:
<https://github.com/higress-group/higress/security/advisories/new>
2. **Alibaba Security Response Center (ASRC)**:
<https://security.alibaba.com/>
Please include as much of the following information as possible to help us
triage and address the issue:
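Review bot: making both channels mandatory ("please report them through **both** of the following private channels") without saying how the two reports are reconciled leaves the process ambiguous; the hunk should state which ticket drives the disclosure timeline and what maintainers do when a reporter files through only one of them. The removed paragraph also carried the only rationale for involving ASRC ("as Higress is widely deployed on Alibaba Cloud infrastructure ... helps ensure timely patching for cloud-hosted deployments"); consider keeping one sentence of that under the ASRC item, since a reporter asked to file twice will want to know why.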
@@ -59,8 +54,8 @@ keep you informed of our progress throughout the process.
## Security Response Team
The Higress security response is handled by the project maintainers listed in
[`MAINTAINERS.md`](./MAINTAINERS.md). Security reports sent to
higress@googlegroups.com are received by all current maintainers.
[`MAINTAINERS.md`](./MAINTAINERS.md). Security reports submitted via GitHub
Private Security Advisory are visible to all current maintainers.
## Disclosure Policy
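Review bot: the new sentence "Security reports submitted via GitHub Private Security Advisory are visible to all current maintainers" only holds if every maintainer in `MAINTAINERS.md` has repository permissions that grant access to private advisories; verify that before asserting it, or soften it to "maintainers with security access". The section also says nothing about the ASRC channel that the first hunk now requires, so the reader is left without knowing how ASRC-submitted reports reach the response team; add a sentence covering that path.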