This topic describes the processes for disclosing security issues and releasing related fixes for VMware Tanzu Kubernetes Grid Integrated Edition, Kubernetes, VMware NSX, and VMware Harbor.
VMware provides security coverage for Tanzu Kubernetes Grid Integrated Edition. Please report any vulnerabilities directly to the VMware Security Response Center.
Security fixes are provided in accordance with the Ops Manager Security Overview and Policy.
Where applicable, security issues may be coordinated with the responsible disclosure process for the open source security teams in Kubernetes and Cloud Foundry projects.
VMware follows the Kubernetes responsible disclosure process to work within the Kubernetes project to report and address suspected security issues with Kubernetes.
This process is discussed in Kubernetes Security and Disclosure Information.
When the Kubernetes project releases security fixes, Tanzu Kubernetes Grid Integrated Edition releases fixes according to the Ops Manager Security Overview and Policy.
VMware follows the Cloud Foundry Foundation (CFF) responsible disclosure process to report and address suspected security issues.
This process is discussed in Cloud Foundry Security.
When the Cloud Foundry Foundation releases security fixes, Tanzu Kubernetes Grid Integrated Edition releases fixes according to the Ops Manager Security Overview and Policy.
Security issues in VMware NSX are coordinated with the VMware Security Response Center.
Security issues in VMware Harbor are coordinated with the VMware Security Response Center.