Skip to content

tailscale/policies

main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Tailscale Security Policies

Tailscale has several security policies in place to properly identify, respond to, and mitigate potential security risks. All employees, vendors and contractors working with Tailscale must follow these policies in order to best protect Tailscale’s and its customers’ data.

We’ve published these publicly for transparency, so that you can see where we are in terms of security maturity. We also hope you use these to adopt similar policies and processes at your organization.

Since these are our internal policies, some links to internal documents or resources are only visible to employees.

This repository is the source of truth for the policies available at https://tailscale.com/security-policies/.

These policies were last reviewed on 2022-10-03.

FAQ

What policies are included?

This repository includes:

When does Tailscale review or update these policies?

The Chief Operating Officer is responsible for reviewing and updating security policies on a quarterly basis. See overview of policies.

Why don't you use the stronger security control X for the Y policy?

These policies do reflect the current state of Tailscale's security practices. Are they perfect? Absolutely not. We hope to improve them over time.

Why are these policies in Git?

These policies are in Git for document control, to track what changes were made over time, by whom, and who reviewed and approved those changes.

Why are some links broken, like to the Code of Conduct?

Since these are Tailscale's internal policies, some links to internal documents or resources are only visible to employees.

Why did Tailscale publish these policies?

These policies are published and available under CC0-1.0 in order to:

  • Be transparent about where we are in terms of security at Tailscale.
  • Help you be inspired by these policies as you complete your own SOC 2 audit or improve your own organization's security.

Can I use these security policies?

Yes! Feel free to be inspired by Tailscale's internal security policies for use in your own organization. These policies are available under CC0-1.0.

Contributing

We do not accept public contributions or issues on this repository. This is because this repository acts as the source of truth for Tailscale's internal policies. If you are a Tailscale user, and have a question or concern about one of these policies, please contact info@tailscale.com.

We may consider public comment on proposed changes.

Acknowledgements

@danderson, @rachlubman, @DentonGentry, and @mayakacz, with feedback from Tailscale employees and auditors.

License

Dedicated to the public domain under CC0-1.0 by Tailscale and contributors.

About

Security policies for Tailscale

Topics

Resources

License

Code of conduct

Security policy

Stars

Watchers

Forks