Skip to main content

Security Team Engagement

This guide aims to provide a clear understanding of how to engage with the Cloud Platform team on security-related topics, especially when dealing with sensitive information or implementation details not suitable for public visibility.

We aim to ensure that all security concerns are addressed efficiently and confidentially.

Reporting Security Issues

If you have identified a security issue that involves sensitive information or implementation details not appropriate for public repositories, please use our dedicated private cloud-platform-security-issues repository to report it securely.

Please use the provided issue template when reporting security issues. Issues are automatically added to the Cloud Platforms backlog.

Access Permissions

  • Private Repository: Access to the cloud-platform-security-issues repository is private.
  • Authorized Teams: Only members of the following GitHub teams have access:
    • webops
    • organisation-security-auditor
  • Existing Access: If you are a member of one of these teams, you should already have access to the repository.
  • Requesting Access: If you require access and are not a member of these teams, please contact us via the #ask-cloud-platform Slack channel for assistance.

Engagement Guidelines

Open Collaboration

  • Communication: We encourage open and ongoing communication to ensure all security issues are addressed promptly.
  • Feedback: Feel free to provide feedback or suggestions on how we can improve our collaboration.

Confidentiality

  • Data Protection: All information within the cloud-platform-security-issues repository is confidential.
  • Non-Disclosure: Please refrain from sharing any details outside authorized personnel and channels.

Urgent Cases and Escalation Process

If there is an urgent security issue that requires immediate attention, please follow the escalation process here.

Getting help

If you have any questions, please contact us on #ask-cloud-platform Slack channel.

This page was last reviewed on 24 October 2024. It needs to be reviewed again on 24 April 2025 by the page owner #cloud-platform .
This page was set to be reviewed before 24 April 2025 by the page owner #cloud-platform. This might mean the content is out of date.