Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Do you have a Secure Development Lifecycle (SDL) in place that includes a vulnerability management process and timely closure of vulnerabilities? #27236

Closed
ericashi opened this issue Sep 27, 2023 · 9 comments
Labels
question Further information is requested

Comments

@ericashi
Copy link

Component(s)

No response

Describe the issue you're reporting

Hi,

I am currently doing a security checking based on my company's policy. Following is the question I was requested to ask.

Do you have a Secure Development Lifecycle (SDL) in place that includes a vulnerability management process and timely closure of vulnerabilities?

Thank you.

Best Regards,
Erica Ooi

@ericashi ericashi added the needs triage New item requiring triage label Sep 27, 2023
@ericashi
Copy link
Author

Hi,

May I follow-up on this question, please?

Thank you.

Best Regards,
Erica Ooi

1 similar comment
@ericashi
Copy link
Author

ericashi commented Oct 2, 2023

Hi,

May I follow-up on this question, please?

Thank you.

Best Regards,
Erica Ooi

@ericashi
Copy link
Author

ericashi commented Oct 3, 2023

Hi,

May I follow-up on this question, please?

Thank you.

Best Regards,
Erica Ooi

1 similar comment
@ericashi
Copy link
Author

ericashi commented Oct 5, 2023

Hi,

May I follow-up on this question, please?

Thank you.

Best Regards,
Erica Ooi

@ericashi
Copy link
Author

ericashi commented Oct 9, 2023

Hi,

May I know do you have a Secure Development Lifecycle (SDL) in place that includes a vulnerability management process and timely closure of vulnerabilities?

Thank you.

Best Regards,
Erica

@ericashi
Copy link
Author

Hi,

May I kindly request to follow up on this particular item? Your attention to this matter is greatly appreciated, and I would be grateful for an answer you can provide.

Thank you for your kind consideration, and I look forward to hearing from you soon.

Best Regards,
Erica Ooi

@bryan-aguilar
Copy link
Contributor

Hi @ericashi, would you be able to attend a Collector SIG meeting to ask these questions? I think collector maintainers may be the best ones to answer this. Our SIG meeting schedule can be found here. \

cc: @open-telemetry/collector-contrib-maintainer

@bryan-aguilar bryan-aguilar added question Further information is requested and removed needs triage New item requiring triage labels Oct 13, 2023
@codeboten
Copy link
Contributor

@ericashi the Security SIG is putting together a recommendation for the OpenTelemetry org. There's a PR here: https://github.com/open-telemetry/sig-security/pull/18/files

Please take a look at leave comments on that pull request.

@ericashi
Copy link
Author

Hi @codeboten and @bryan-aguilar ,

I sincerely appreciate you taking the time to provide information on this matter.

Best Regards,
Erica Ooi

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
question Further information is requested
Projects
None yet
Development

No branches or pull requests

3 participants