This document outlines the security policy and procedures for reporting security vulnerabilities in VMware Secrets Manager, along with the version support policy.
Only the most recent version of VMware Secrets Manager is currently being supported with security updates.
Note that VMware Secrets Manager consists of more than a single project, and during a release cut, all projects are signed and tagged with the same version.
After VMware Secrets Manager hits a major 1.0.0. version, this will change, and we will also have a support plan various major versions.
Send your vulnerability reports to security@vsecm.com.
We don't have an official turnover time, but if nobody gets back to you within a week please send another email.
We take all vulnerability reports seriously, and you will be notified if your report is accepted or declined, and what further actions we are going to take on it.