The Kubewarden team greatly appreciates investigative work into security vulnerabilities carried out by well-intentioned, ethical security researchers. We follow the practice of responsible disclosure to protect Kubewarden's user-base from the impact of security issues. For us, this means:
- We respond to security incidents on priority.
- We release fixes for issues as soon as is practical, keeping in mind that not all risks are equal.
- We always transparently let the community know about any incident that affects them.
If you have found a security vulnerability in Kubewarden, please disclose it responsibly by emailing kubewarden@suse.de. Please don't discuss potential vulnerabilities in public without validating with us first.
On receipt of a security incident report we:
- Review the report, verify the vulnerability and respond with a confirmation or requests for further information.
- Once the reported security bug has been addressed we tell the Researcher, who is then welcome to disclose publicly if they wish.