k8s.io/security

Security

Kubernetes Security Release Process and Security Committee documentation.

To report a vulnerability, please refer to https://kubernetes.io/security.

Security Response Committee (SRC)

The Security Response Committee (SRC) is responsible for triaging and handling the security issues for Kubernetes. Following are the current Security Response Committee members:

• CJ Cullen (@cjcullen) <cjcullen@google.com>
• Craig Ingram (@cji) <cjingram@google.com>
• Joel Smith (@joelsmith) <joelsmith@redhat.com> [4096R/0x1688ADC79BECDDAF]
• Micah Hausler (@micahhausler) <mhausler@amazon.com>
• Mo Khan (@enj) <i@monis.app>
• Rita Zhang (@ritazh) rita.z.zhang@gmail.com
• Sri Saran Balaji (@SaranBalaji90) <srajakum@amazon.com>
• Tabitha Sable (@tabbysable) <tabitha.c.sable@gmail.com>

Contacting the SRC

There are a number of contact points for the SRC and release managers in charge of security releases. Please use the correct forum for the best and fastest response.

List or Group	Visibility	Uses
security@kubernetes.io	Private	Kubernetes security disclosures. This list is closely monitored and triaged by the SRC. See the disclosure guide for full details.
kubernetes-security-discuss Google Group	Public	Discussion about security disclosure handling, this document, and other updates.
release-managers-private@kubernetes.io	Private	Release Managers private discussion. All members are subscribed to security@kubernetes.io.
security-discuss-private@kubernetes.io	Private	SRC private discussion. All members are subscribed to security@kubernetes.io

Community, discussion, contribution, and support

Learn how to engage with the Kubernetes community on the community page.

Code of conduct

Participation in the Kubernetes community is governed by the Kubernetes Code of Conduct.