Skip to content

Security: juju4/ansible-harden-windows

SECURITY.md

Security policy

DISCLAIMER!

  • This is personally maintained opensource project. Best effort will be made to support its security and resiliency but as per license, no warranty.
  • As deployment role for ansible, vulnerability for ansible, targeted deployed software(s) or underlying operating system(s) won't be accepted. It is the responsibility of the user to ensure those are maintained appropriately and in non-vulnerable versions.
  • I believe in transparency. Considering the scope of project, it is less likely that a security issue would be a major impact and full disclosure should not be an issue but if you believe otherwise, use the web form.

Security bulletins

When applicable, Security Advisories will be created inside GitHub following Creating a repository security advisory.

Reporting a vulnerability

Please use one of below process to report a vulnerability to the project:

  • GitHub issue "Report a security issue":

If issue is critical and not public, please use the web form. You can use First.org Common Vulnerability Scoring System Version 3.0 Calculator to score vulnerability.

Do not forget to tell us if and how you want to be acknowledged.

This project follows an immediate (public issue) or 30-days (web form) disclosure timeline.

This project won't request CVE(s).

Bug Bounty or Vulnerability Disclosure Program.

This project is not part of any Bug Bounty program.

Supported Versions

Only latest release or tag is supported along HEAD for main branch. Tests are usually focus on the latest LTS from RedHat and Ubuntu but contributions for other distributions or versions are welcomed.

Preferred Languages

We prefer all communications to be in English.

References

There aren’t any published security advisories