The Falco team and community take security bugs in all Falco projects seriously.
We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.
Security updates will typically only be applied to the latest release (at least until Falco reaches its first stable major version).

| Version | Supported |
|---|---|
| >=0.18.x | ✅ |

To report a security issue, email cncf-falco-maintainers@lists.cncf.io and include the word "SECURITY" in the subject line.
The Falco team will send a response indicating the next steps in handling your report. After the initial reply to your report, the team will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.
Note also that the team can use GitHub Security Advisories to disclose, fix, and publish information about the vulnerability you responsibly reported to us.