Skip to content

docs: security company policy updates #6677

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
blackboxsw wants to merge 1 commit into
base: main
Choose a base branch
from
Open

docs: security company policy updates #6677

blackboxsw wants to merge 1 commit into from
+2 −31

Conversation

@blackboxsw
Copy link
Collaborator

@blackboxsw blackboxsw commented Jan 16, 2026

Add company compliant security docs and reference given internal policies.

Redact unnecessary duplication of data

Proposed Commit Message

docs: security company policy updates

Additional Context

Test Steps

Merge type

  • Squash merge using "Proposed Commit Message"
  • Rebase and merge unique commits. Requires commit messages per-commit each referencing the pull request number (#<PR_NUM>)

holmanb
holmanb reviewed Jan 17, 2026
View reviewed changes
SECURITY.md
includes disclosure of any details related to the vulnerability or the
presence of a vulnerability itself. Violation of this policy may result in
removal from the list for the company or individual involved.
To report a security issue, file a [Private Security Report](https://github.com/canonical/cloud-init/security/advisories/new) with a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue.
Copy link
Member

@holmanb holmanb Jan 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This link appears broken.

Copy link
Collaborator Author

@blackboxsw blackboxsw Jan 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Strange, when I view the full file the markdown renders the correct link https://github.com/canonical/cloud-init/security/advisories/new for me. I wonder if the permissions somehow lock you out? Are you getting 403?

Copy link
Member

@holmanb holmanb Jan 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The rendering doesn't seem to be an issue. I get a 404 - same if I click on the link you shared.

Copy link
Member

@holmanb holmanb Jan 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, there are now two conflicting ways to report bugs: email and github - but no advice on which one to choose or why.

Do we still need the section above?

@blackboxsw blackboxsw marked this pull request as draft January 20, 2026 16:43
@blackboxsw blackboxsw marked this pull request as ready for review January 20, 2026 16:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@holmanb holmanb holmanb left review comments

Assignees

@holmanb holmanb

Labels

security

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@blackboxsw @holmanb