grafana/SECURITY.md
Kristian Bremberg 6eeca84bac
Docs: Update SECURITY.md (#67985)
* Update SECURITY.md

* Shorten `SECURITY.md` to link to the bug bounty program

* Add old text back in

* make text clickable

* Add new PGP FP

* adds the new PGP fingerprint
2023-06-21 07:34:42 +01:00

24 lines
1.5 KiB
Markdown

# Reporting security issues
This product is in scope for our Bug Bounty Program. To submit a vulnerability report, please visit [Grafana Labs Bug Bounty Policy page](https://github.com/grafana/bugbounty) and follow the instructions provided. Our security team will review your submission and get back to you as soon as possible.
---
For any other security issues, please send an email to security@grafana.com
Please encrypt your message to us; please use our PGP key. The key fingerprint is:
225E 6A9B BB15 A37E 95EB 6312 C66A 51CC B44C 27E0
The key is available from [keyserver.ubuntu.com](https://keyserver.ubuntu.com/pks/lookup?search=0x225E6A9BBB15A37E95EB6312C66A51CCB44C27E0&fingerprint=on&op=index).
Grafana Labs will send you a response indicating the next steps in handling your report. After the initial reply to your report, the security team will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.
**Important:** We ask you to not disclose the vulnerability before it have been fixed and announced, unless you received a response from the Grafana Labs security team that you can do so.
## Security announcements
We will post a summary, remediation, and mitigation details for any patch containing security fixes on the Grafana blog. The security announcement blog posts will be tagged with the [security tag](https://grafana.com/tags/security/).
You can also track security announcements via the [RSS feed](https://grafana.com/tags/security/index.xml).