# Security Policy

## Reporting a Vulnerability
The KubeVirt project treats security vulnerabilities seriously, so we
strive to take action quickly when required.

The project requests that security issues be disclosed in a responsible
manner to allow adequate time to respond. If a security issue or
vulnerability has been found, please disclose the details to our
dedicated email address:

cncf-kubevirt-security@lists.cncf.io [PGP](#pgp-encryption)

Please include as much information as possible with the report. The
following details assist with analysis efforts:
 - Description of the vulnerability
 - Affected component (version, commit, branch, etc.)
 - Affected code (file path, line numbers)
 - Exploit code

Any confidential information disclosed to the security team will be
handled appropriately to prevent misuse or accidental disclosure.

## PGP Encryption
Security issues can often be sensitive in nature, so information can be
disclosed with PGP encryption. Our public key can be found on
[public keyservers](https://pgp.mit.edu/pks/lookup?search=0x26A3D09E&op=vindex&exact=on)
and our fingerprint is as follows:

```CEF1 66F8 B929 4CDE 3233 5FCF B3D9 0475 26A3 D09E```

Please note that the above key will not be used for signing releases.
Please refer to your vendor's instructions for verifying packages, images
or source code.

## Security Notices
Security notices will be sent to the kubevirt-dev@googlegroups.com
mailing list and published to the
[Security Advisories](https://github.com/kubevirt/kubevirt/security/advisories)
page.

## Security Team
The security team currently consists of the Maintainers of KubeVirt.