Version: 1.14

Security disclosure

The Kubewarden team greatly appreciates investigative work into security vulnerabilities carried out by well-intentioned, ethical security researchers. We follow the practice of responsible disclosure in order to best protect Kubewarden's user-base from the impact of security issues. On our side, this means:

  • We will respond to security incidents as a priority.
  • We will release fixes for issues as soon as is practical, keeping in mind that not all risks are created equal.
  • We will always transparently let the community know about any incident that affects them.

If you have found a security vulnerability in Kubewarden, we kindly ask that you disclose it responsibly by emailing cncf-kubewarden-maintainers@lists.cncf.io. Please do not discuss potential vulnerabilities in public without validating with us first.

On receipt, the security team will:

  • Review the report, verify the vulnerability and respond with confirmation and/or further information requests.
  • Notify the researcher once the reported security bug has been addressed; the researcher is then welcome to optionally disclose publicly.

Please refer to the community repository to find out more about the project's Governance and Security Policy.