# Security Policy

- [Security Policy](#security-policy)
  - [Reporting security problems](#reporting-security-problems)
  - [Vulnerability Management Plans](#vulnerability-management-plans)
    - [Critical Updates And Security Notices](#critical-updates-and-security-notices)

## Reporting security problems

**DO NOT CREATE AN ISSUE** to report a security problem. Instead, please
send an email to kubernetes-security@service.aliyun.com

Please follow the [embargo policy](./embargo-policy.md) for all security-related problems.

## Vulnerability Management Plans

### Critical Updates And Security Notices

We learn about critical software updates and security threats from these sources

1. GitHub Security Alerts
2. [Dependabot](https://dependabot.com/) Dependency Updates