11# Security Policy
2- We are very grateful to the security researchers and users that report
3- back Layer5 project security vulnerabilities. We investigate every report thoroughly.
2+ We are very grateful to the security researchers and users who report
3+ Layer5 project security vulnerabilities. We investigate every report thoroughly.
44
55## Reporting a vulnerability
66To make a report, send an email to the private
@@ -16,36 +16,36 @@ Send us a report whenever you:
1616- Think Layer5 projects have a potential security vulnerability.
1717- Are unsure whether or how a vulnerability affects Layer5 projects.
1818- Think a vulnerability is present in another project that Layer5 projects
19- depend on (Docker for example).
19+ depend on (Docker, for example).
2020
2121### When not to report a security vulnerability?
2222
2323Don't send a vulnerability report if:
2424
2525- You need help tuning Layer5 project components for security.
26- - You need help applying security related updates.
27- - Your issue is not security related.
26+ - You need help applying security- related updates.
27+ - Your issue is not security- related.
2828
2929## Evaluation
3030
3131The Layer5 team acknowledges and analyzes each vulnerability report within 10 working days.
3232
3333Any vulnerability information you share with the Layer5 team stays
34- within the Layer5 project. We don't disseminate the information to other
34+ within the Layer5 project. We do not disseminate the information to other
3535projects. We only share the information as needed to fix the issue.
3636
37- We keep the reporter updated as the status of the security issue is addressed.
37+ We keep the reporter updated on the status of the security issue as it is addressed.
3838
3939## Fixing the issue
4040
4141Once a security vulnerability has been fully characterized, a fix is developed by the Layer5 team.
42- The development and testing for the fix happens in a private GitHub repository in order to prevent
42+ The development and testing for the fix happen in a private GitHub repository in order to prevent
4343premature disclosure of the vulnerability.
4444
4545## Early disclosure
4646
4747The Layer5 team maintains a mailing list for private early disclosure of security vulnerabilities.
48- The list is used to provide actionable information to close Layer5 partners. The list is not intended
48+ The list is used to provide actionable information to trusted Layer5 partners. The list is not intended
4949for individuals to find out about security issues.
5050
5151## Public disclosure
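Review bot: The added lines 26 and 27 read "security- related" with a space after the hyphen, as shown here; they should read "security-related updates" and "not security-related". Separately, at line 48, replacing "close" with "trusted" is more than a copy edit, because it changes how the audience of the early disclosure list is described. If that change is intended, the policy should say how a partner qualifies as trusted.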
@@ -54,11 +54,11 @@ On the day chosen for public disclosure, a sequence of activities takes place as
5454
5555- Changes are merged from the private GitHub repository holding the fix into the appropriate set of public
5656branches.
57- - Layer5 team ensures all necessary binaries are promptly built and published.
57+ - The Layer5 team ensures all necessary binaries are promptly built and published.
5858- Once the binaries are available, an announcement is sent out on the following channels:
5959 - The [ Layer5 blog] ( https://layer5.io/blog/ )
6060 - The [ Layer5 Twitter feed] ( https://twitter.com/layer5 )
6161 - The #announcements channel on Slack
6262
63- As much as possible this announcement will be actionable, and include any mitigating steps customers can take prior to
64- upgrading to a fixed version.
63+ As much as possible, this announcement will be actionable and include any mitigating steps customers can take prior to
64+ upgrading to a fixed version.
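Review bot: Line 64 ("upgrading to a fixed version.") is removed and re-added with no visible difference, so the change there appears to be whitespace only. Confirm it is intentional (trailing whitespace or an end-of-file newline), or drop it so the hunk carries only the comma and wording fix on line 63 and the added "The" on line 57.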