diff --git a/community/assessments/projects/kubescape/self-assessment.md b/community/assessments/projects/kubescape/self-assessment.md index 23c2d9ab2..6fcc35d85 100644 --- a/community/assessments/projects/kubescape/self-assessment.md +++ b/community/assessments/projects/kubescape/self-assessment.md @@ -299,15 +299,15 @@ Maintainers organize the entire response, including internal communication and e #### Reporting Security Vulnerabilities If you find a vulnerability or a potential vulnerability in Kubescape, please let us know immediately at [cncf-kubescape-maintainers@lists.cncf.io](mailto:cncf-kubescape-maintainers@lists.cncf.io). We'll send a confirmation email to acknowledge your report and an additional email when we've identified the issues positively or negatively. -Please see the complete [security release process](SECURITY.md) for further details. +Please see the complete [security release process](https://github.com/kubescape/project-governance/blob/main/SECURITY.md) for further details. #### Private Disclosure Processes -If a security vulnerability or any security-related issues are found, they should not be filed as a public or a GitHub issue. Instead, the report should be sent privately to [cncf-kubescape-maintainers@lists.cncf.io](cncf-kubescape-maintainers@lists.cncf.io) +If a security vulnerability or any security-related issues are found, they should not be filed as a public or a GitHub issue. Instead, the report should be sent privately to [cncf-kubescape-maintainers@lists.cncf.io](mailto:cncf-kubescape-maintainers@lists.cncf.io) #### Public Disclosure Processes -If a publicly disclosed security vulnerability is known, it should be reported immediately to [cncf-kubescape-maintainers@lists.cncf.io](cncf-kubescape-maintainers@lists.cncf.io) to inform the maintainers. This will initiate the patch, release, and communication process. +If a publicly disclosed security vulnerability is known, it should be reported immediately to [cncf-kubescape-maintainers@lists.cncf.io](mailto:cncf-kubescape-maintainers@lists.cncf.io) to inform the maintainers. This will initiate the patch, release, and communication process. ### Patch, Release, and Public Communication