mirror of
https://github.com/fleetdm/fleet
synced 2026-05-24 09:28:54 +00:00
23 lines
1.1 KiB
Markdown
23 lines
1.1 KiB
Markdown
# Security Policy
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
Please report any vulnerabilities discovered in Fleet products to security **at** fleetdm.com.
|
|
|
|
Fleet endeavors to acknowledge and fix any reported vulnerabilities ASAP. Acknowledgement is typically within 1 business day, and patches usually go out within 5 business days (depending on severity and timing).
|
|
|
|
### PGP Key
|
|
|
|
To encrypt vulnerability reports before sending them, please use this [PGP key](https://keys.openpgp.org/vks/v1/by-fingerprint/82F2AF19547E462A4605D53801B2575E46766EBE).
|
|
|
|
The fingerprint of the key is `82F2 AF19 547E 462A 4605 D538 01B2 575E 4676 6EBE`.
|
|
|
|
### Vulnerability tracking
|
|
|
|
GitHub issues concerning vulnerabilities will be tagged with the **security** label to differentiate them from other issues and maintain SOC2 compliance.
|
|
|
|
See [security/README.md](./security/README.md) for more information on our process to keep Fleet products secure.
|
|
|
|
### Compatibility
|
|
|
|
Fleet reserves the right to make breaking changes for security. Security fixes may introduce backward-incompatible changes and may be released in minor or patch versions.
|