paulmataruso/wazuh-docker-orginal
1
0
Fork 0
mirror of https://github.com/wazuh/wazuh-docker.git synced 2025-11-03 21:43:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Updated SECURITY.md file

Browse Source
This commit is contained in:
David Correa Rodríguez
2024-09-13 13:24:32 +02:00
parent ae9d06ed35
commit 84280fae08
1 changed files with 10 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
SECURITY.md
View File

@@ -16,11 +16,15 @@ Please submit your findings as security advisories under the "Security" tab in t
## Vulnerability Disclosure Policy
Upon receiving a report of a potential vulnerability, our team will initiate an investigation. If the reported issue is confirmed as a vulnerability, we will take the following steps:
- Acknowledgment: We will acknowledge the receipt of your vulnerability report and begin our investigation.
- Validation: We will validate the issue and work on reproducing it in our environment.
- Remediation: We will work on a fix and thoroughly test it
- Release & Disclosure: After 90 days from the discovery of the vulnerability, or as soon as a fix is ready and thoroughly tested (whichever comes first), we will release a security update for the affected project. We will also publicly disclose the vulnerability by publishing a CVE (Common Vulnerabilities and Exposures) and acknowledging the discovering party.
- Exceptions: In order to preserve the security of the Wazuh community at large, we might extend the disclosure period to allow users to patch their deployments.
1. Acknowledgment: We will acknowledge the receipt of your vulnerability report and begin our investigation.
2. Validation: We will validate the issue and work on reproducing it in our environment.
3. Remediation: We will work on a fix and thoroughly test it.
4. Release & Disclosure: After 90 days from the discovery of the vulnerability, or as soon as a fix is ready and thoroughly tested (whichever comes first), we will release a security update for the affected project. We will also publicly disclose the vulnerability by publishing a CVE (Common Vulnerabilities and Exposures) and acknowledging the discovering party.
5. Exceptions: In order to preserve the security of the Wazuh community at large, we might extend the disclosure period to allow users to patch their deployments.
This 90-day period allows for end-users to update their systems and minimizes the risk of widespread exploitation of the vulnerability.