The Kubewarden team greatly appreciates investigative work into security vulnerabilities carried out by well-intentioned, ethical security researchers. We follow the practice of responsible disclosure in order to best protect Kubewarden's user-base from the impact of security issues. On our side, this means:
- We will respond to security incidents on priority.
- We will release fixes for issues as soon as is practical, keeping in mind that not all risks are created equal.
- We will always transparently let the community know about any incident that affects them.
If you have found a security vulnerability in Kubewarden, we kindly ask that you disclose it responsibly by emailing firstname.lastname@example.org. Please do not discuss potential vulnerabilities in public without validating with us first.
On receipt the security team will:
- Review the report, verify the vulnerability and respond with confirmation and/or further information requests.
- Once the reported security bug has been addressed we will notify the Researcher, who is then welcome to optionally disclose publicly.