Slimmed down template from: Betsy Beyer, Chris Jones, Jennifer Petoff, and Niall Richard Murphy. “Site Reliability Engineering.”, modified from https://raw.githubusercontent.com/dastergon/postmortem-templates/master/templates/postmortem-template-srebook.md.
Follow the SRE link for examples of how to populate.
A PR should be opened with postmortem placed in security/postmortems/cve-year-abcdef.md. If there are multiple CVEs in the postmortem, populate each alias with the string "See cve-year-abcdef.md".
YYYY-MM-DD (as a date range if over a period of time)
@foo, @bar, ...
Draft | Final
A few sentence summary.
https://github.com/envoyproxy/envoy/issues/${CVE_ISSUED_ID}
What defect in Envoy led to the CVEs? How did this defect arise?
How was the security release process followed? How were the fix patches structured and authored?
How was this discovered? Reported by XYZ, found by fuzzing? Private or public disclosure?
Create action item issues and include in their body "Action item for CVE-YEAR-ABCDEF". Modify the search string below to include in the PR:
All times US/Pacific
YYYY-MM-DD
- HH:MM Cake was made available
- HH:MM People ate the cake
YYYY-MM-DD
- HH:MM More cake was available
- HH:MM People ate more cake