| author | Pushkar Joglekar <3390906+PushkarJ@users.noreply.github.com> | 2021-09-24 16:10:21 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-09-24 16:10:21 -0700 |
| commit | 9d04571580795e38ea11013dd55f1def6f28ac33 (patch) | |
| tree | 3e7f031797d9265ddd8ecfbba757d902861c44c0 /sig-security | |
| parent | 4c4ccd1b09409b30f0777d11b4e3b2a7de2cf452 (diff) | |
Replace k/security with k/committee-security-response in k/community/sig-security (#6008)
* Replace k/security with k/committee-security-response
Minor updates from PSC to SRC
* Updated references from master to main branch
Diffstat (limited to 'sig-security')
| -rw-r--r-- | sig-security/charter.md | 2 | ||||
| -rw-r--r-- | sig-security/sig-security-external-audit/README.md | 8 |
2 files changed, 5 insertions, 5 deletions
diff --git a/sig-security/charter.md b/sig-security/charter.md index 23649f33..54b154fa 100644 --- a/sig-security/charter.md +++ b/sig-security/charter.md @@ -14,7 +14,7 @@ SIG Security continues to manage the third-party security audits, while serving #### Vulnerability Management Process -Work with the Kubernetes [Product Security Committee (PSC)](https://github.com/kubernetes/security#product-security-committee-psc) to define the processes for fixing and disclosing vulnerabilities, as outlined in https://github.com/kubernetes/security. For example: +Work with the Kubernetes [Security Response Committee (SRC)](https://github.com/kubernetes/committee-security-response#security-response-committee-src) to define the processes for fixing and disclosing vulnerabilities, as outlined in https://github.com/kubernetes/committee-security-response. For example: - When the private fix & release process is invoked - How vulnerabilities are rated diff --git a/sig-security/sig-security-external-audit/README.md b/sig-security/sig-security-external-audit/README.md index 399a6f27..f765d299 100644 --- a/sig-security/sig-security-external-audit/README.md +++ b/sig-security/sig-security-external-audit/README.md 
@@ -5,8 +5,8 @@ The SIG Security External Audit subproject (subproject, henceforth) is responsible for coordinating regular, comprehensive, third-party security audits. The subproject publishes the deliverables of the audit after abiding to the -[Security Release Process](https://github.com/kubernetes/security/blob/master/security-release-process.md) and -[embargo policy](https://github.com/kubernetes/security/blob/master/private-distributors-list.md#embargo-policy). +[Security Release Process](https://github.com/kubernetes/committee-security-response/blob/main/security-release-process.md) and +[embargo policy](https://github.com/kubernetes/committee-security-response/blob/main/private-distributors-list.md#embargo-policy). - [Request for Proposal (RFP)](#rfp) - [Security Audit Scope](#security-audit-scope) @@ -53,8 +53,8 @@ The question period is typically open between the RFP's opening date and closing Proposals are reviewed by the subproject proposal reviewers after the RFP closing date. An understanding of security audits is required to be a proposal reviewer. All proposal reviewers must agree to abide by the -**[Security Release Process](https://github.com/kubernetes/security/blob/master/security-release-process.md)**, -**[embargo policy](https://github.com/kubernetes/security/blob/master/private-distributors-list.md#embargo-policy)**, +**[Security Release Process](https://github.com/kubernetes/committee-security-response/blob/main/security-release-process.md)**, +**[embargo policy](https://github.com/kubernetes/committee-security-response/blob/main/private-distributors-list.md#embargo-policy)**, and have no [conflict of interest](#conflict-of-interest) the tracking issue. This is done by placing a comment on the issue associated with the security audit. e.g. `I agree to abide by the guidelines set forth in the Security Release Process, specifically the embargo on CVE |
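Review bot: In the sig-security/charter.md hunk (@@ -14,7 +14,7 @@), the new link relies on the fragment `#security-response-committee-src` matching a heading in the committee-security-response README; please confirm that heading exists under exactly that name, because a mismatched fragment fails silently and leaves the reader at the top of the page. The same added line also ends with the repository as a bare URL immediately before a full stop ("...committee-security-response. For example:"); wrapping it in angle brackets or turning it into a named link avoids depending on how the renderer treats the trailing period.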
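Review bot: In the first sig-security-external-audit/README.md hunk (@@ -5,8 +5,8 @@), the two rewritten URLs are the same two that are rewritten again in the @@ -53,8 +53,8 @@ hunk, so every repository or branch rename has to be applied in four places in this file. Suggest switching to reference-style links, for example `[Security Release Process][release-process]`, with the two targets defined once. Separately, the unchanged context line above the changed links reads "after abiding to the"; "abiding by" is the correct form and matches the "abide by" wording used further down in the same file.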
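Review bot: In the second sig-security-external-audit/README.md hunk (@@ -53,8 +53,8 @@), the unchanged line right after the updated links reads "and have no [conflict of interest](#conflict-of-interest) the tracking issue", which appears to be missing words between the link and "the tracking issue". This sentence defines what proposal reviewers must agree to before seeing embargoed material, so it is worth repairing while the patch is already touching it, or in a follow-up if the intent is to keep this change to link updates only.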
