docs: security company policy updates #6677
blackboxsw merged 3 commits into canonical:main from Jan 31, 2026
Merged
holmanb reviewed Jan 17, 2026
holmanb requested changes Jan 30, 2026
holmanb (Member) left a comment
Thanks for the updates @blackboxsw.
SECURITY.md
Outdated
| includes disclosure of any details related to the vulnerability or the | ||
| presence of a vulnerability itself. Violation of this policy may result in | ||
| removal from the list for the company or individual involved. | ||
| To report a security issue, file a [Private Security Report](https://github.com/canonical/cloud-init/security/advisories/new) with a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue. |
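Review bot: In the added sentence, "the steps you took to create the issue" reads as if the reporter caused the problem; "the steps to reproduce the issue" is the usual wording and states what a triager actually needs. The added line is also left as one long line while the context lines above it are hard-wrapped, so wrapping it to match would keep SECURITY.md consistent.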
Member
"To report a security issue" is redundant due to the section header
... and any known mitigations for the issue.
SECURITY.md
Outdated
| presence of a vulnerability itself. Violation of this policy may result in | ||
| removal from the list for the company or individual involved. | ||
| To report a security issue, file a [Private Security Report](https://github.com/canonical/cloud-init/security/advisories/new) with a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue. | ||
| The [Ubuntu Security disclosure and embargo policy](https://ubuntu.com/security/disclosure-policy) contains more information about what you can expect when you contact us and what we expect from you. |
drzee99 pushed a commit to drzee99/cloud-init that referenced this pull request Feb 2, 2026
holmanb pushed a commit that referenced this pull request Feb 5, 2026
Add company compliant security docs and reference given internal policies.
Redact unnecessary duplication of data
Proposed Commit Message
docs: security company policy updates
Additional Context
Test Steps
Merge type