Security Team Engagement
This guide aims to provide a clear understanding of how to engage with the Cloud Platform team on security-related topics, especially when dealing with sensitive information or implementation details not suitable for public visibility.
We aim to ensure that all security concerns are addressed efficiently and confidentially.
Reporting Security Issues
If you have identified a security issue that involves sensitive information or implementation details not appropriate for public repositories, please use our dedicated private cloud-platform-security-issues repository to report it securely.
Please use the provided issue template when reporting security issues. Issues are automatically added to the Cloud Platform backlog.
Access Permissions
- Private Repository: Access to the cloud-platform-security-issues repository is private.
- Authorized Teams: Only members of the following GitHub teams have access:
  - webops
  - organisation-security-auditor
- Existing Access: If you are a member of one of these teams, you should already have access to the repository.
- Requesting Access: If you require access and are not a member of these teams, please contact us via the #ask-cloud-platform Slack channel for assistance.
Engagement Guidelines
Open Collaboration
- Communication: We encourage open and ongoing communication to ensure all security issues are addressed promptly.
- Feedback: Feel free to provide feedback or suggestions on how we can improve our collaboration.
Confidentiality
- Data Protection: All information within the cloud-platform-security-issues repository is confidential.
- Non-Disclosure: Please refrain from sharing any details outside authorized personnel and channels.
Urgent Cases and Escalation Process
If there is an urgent security issue that requires immediate attention, please follow the escalation process here.
Getting help
If you have any questions, please contact us in the #ask-cloud-platform Slack channel.