Skip to content

Security: Anefu/glasskube-operator

Security

SECURITY.md

Security Policy

Reporting a Vulnerability

At Glasskube, we take security seriously and appreciate the efforts of the security community in helping us maintain the integrity of our software. To report a security vulnerability, please follow these guidelines:

  1. Do Not Create GitHub Issues: Please refrain from creating GitHub issues to report security vulnerabilities. We do not want these issues to be publicly disclosed in our repositories.
  2. Contact Us Via Email: Instead, kindly send us an email at support@glasskube.eu to report the vulnerability. This allows us to keep the information confidential and take prompt action.
  3. Include Details: In your email, provide as much information as possible about the vulnerability, including a detailed description, potential impact, and any relevant steps to reproduce the issue. The more information you can provide, the better we can understand and address the problem.
  4. Response Time: We are committed to acknowledging your report as soon as possible. You can expect an initial response within 3 business days. Our team will investigate the issue and keep you informed of our progress.
  5. Vulnerability Handling: When we receive a security report, we will assess the severity of the vulnerability. If the vulnerability is accepted, we will work on a fix and keep you informed about the progress. If it is declined, we will provide a clear explanation of our decision.
  6. Responsible Disclosure: We greatly appreciate responsible disclosure, and we request that you refrain from disclosing the vulnerability publicly until we have had the opportunity to address the issue and provide a fix or mitigation.

Your collaboration in helping us maintain a secure environment is invaluable. We thank you for your responsible reporting and dedication to improving the security of Glasskube.

⚠️ Note: Please adhere to our Responsible Disclosure Policy and guidelines when reporting vulnerabilities.

There aren’t any published security advisories