Does netdata as a project implement a Vulnerability management process?


As per internal risk assessments and validation of new tools, I was wondering if someone could provide better insight into how vulnerability management is handled in the Netdata Agent project (Netdata cloud not in scope in this particular case). I’ve tried to scan, but couldn’t find anything documented.
Do you include vulnerability management into the build process / CI jobs from GitHub, or expose some kind of endpoint that is viewable? Maybe a link to how people should responsibly disclose zero days or similar?

It would also be great to know how/if special care is given to security advisories, and/or how notices are handled in normal changelogs/issues, or if one could subscribe to a special channel for those.

Thanks in advance!

Hi, @johanssone. There are a lot of good questions!

Let me answer this one:

Maybe a link to how people should responsibly disclose zero days or similar?

Check the Netdata Security Policy. If a person has found a vulnerability, we expect them to send a report to .