This is unreleased documentation for Admission Controller 1.30-next.
Security disclosure
The SUSE Security Admission Controller team appreciates investigative work on security vulnerabilities carried out by well-intentioned, ethical security researchers. Admission Controller follows the practice of [responsible disclosure](https://en.wikipedia.org/wiki/Responsible_disclosure) to best protect Admission Controller’s user base from the impact of security issues. On Admission Controller’s side, this means:
- Admission Controller responds to security incidents on priority.
- Admission Controller releases fixes for issues as soon as is practical, prioritizing by risk.
- Admission Controller always transparently lets the community know about any incident that affects them.
If you have found a security vulnerability in Admission Controller, the easiest way to report a vulnerability is through the Security tab on GitHub. This mechanism allows maintainers to communicate privately with you, and you don’t need to encrypt your messages.
Alternatively, you can disclose it responsibly by emailing cncf-kubewarden-maintainers@lists.cncf.io in an unencrypted message. Please don’t discuss potential vulnerabilities in public without validating with us first.
You can also come talk in our Slack room on the Kubernetes Slack server.
On receipt, the security team:
- Reviews the report, verifies the vulnerability and responds with confirmation and/or further information requests.
- After addressing the reported security bug, Admission Controller notifies the researcher, who is then welcome to optionally disclose publicly.
Please refer to the community repository to find out more about the project's governance and security policy.