From 89af576dddbd49e8af80dca6ab696bff40d3c14c Mon Sep 17 00:00:00 2001 From: Andy Tinkham Date: Fri, 31 Oct 2025 15:52:36 -0500 Subject: [PATCH] Updated SECURITY.md file Signed-off-by: Andy Tinkham --- SECURITY.md | 40 ++-------------------------------------- 1 file changed, 2 insertions(+), 38 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 5315a39..a72f225 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -1,42 +1,6 @@ # Security Policies and Procedures -This document outlines security procedures and general policies for the CyberArk Conjur -suite of tools and products. - - * [Reporting a Bug](#reporting-a-bug) - * [Disclosure Policy](#disclosure-policy) - * [Comments on this Policy](#comments-on-this-policy) - ## Reporting a Bug +CyberArk takes product security very seriously. If you believe you have found a vulnerability in one of our products, we ask that you follow responsible disclosure guidelines and contact product_security@cyberark.com and work with us toward a quick resolution to protect our customers. -The CyberArk Conjur team and community take all security bugs in the Conjur suite seriously. -Thank you for improving the security of the Conjur suite. We appreciate your efforts and -responsible disclosure and will make every effort to acknowledge your -contributions. - -Report security bugs by emailing the lead maintainers at security@conjur.org. - -The maintainers will acknowledge your email within 2 business days. Subsequently, we will -send a more detailed response within 2 business days of our acknowledgement indicating -the next steps in handling your report. After the initial reply to your report, the security -team will endeavor to keep you informed of the progress towards a fix and full -announcement, and may ask for additional information or guidance. - -Report security bugs in third-party modules to the person or team maintaining -the module. - -## Disclosure Policy - -When the security team receives a security bug report, they will assign it to a -primary handler. This person will coordinate the fix and release process, -involving the following steps: - - * Confirm the problem and determine the affected versions. - * Audit code to find any potential similar problems. - * Prepare fixes for all releases still under maintenance. These fixes will be - released as fast as possible. 
- -## Comments on this Policy - -If you have suggestions on how this process could be improved please submit a -pull request. +Refer to [CyberArk's Security Vulnerability Policy](https://www.cyberark.com/cyberark-security-vulinerability-policy.pdf) for more details \ No newline at end of file
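Review bot: In the added `Refer to [CyberArk's Security Vulnerability Policy](...)` line at the end of the hunk, the URL path spells "vulinerability". Please confirm the link resolves as written, since it is now the only place a reporter is sent for process details. The same hunk removes the 2-business-day acknowledgement commitment, the Disclosure Policy steps and the guidance on third-party modules without restating any of them, so either confirm the linked policy covers them or keep a short summary in this file. The reporting address changes from security@conjur.org to product_security@cyberark.com, so it is worth confirming that the old address still forwards for reporters working from older copies of this file. The new last line also lacks a closing period, and the file now ends without a trailing newline.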