On 27 Feb 08:12, Mihai Iordache wrote: > I have some additional questions as following: > 1. Are you performing regularly pentests ? if yes, how often ?
As https://prometheus.io/docs/operating/security/#external-audits There was a pentest in 2018. There will probably be a new one in 2020, to be confirmed. > 2. All high and critical issues are addressed in a short amount of time ? Prometheus is an open source project and we address those issues on a best-effort basis. You try to do our best but we don't promise anything. Some team members also closely follow golang releases for security vulnerabilities. > > > On Monday, 24 February 2020 15:42:04 UTC+2, Björn Rabenstein wrote: > > > > On 20.02.20 23:29, Lucian Iordache wrote: > > > Thank you for info, Already reviewed that but these does not cover > > entirely our > > > questions. > > > We would appreciate some targeted answers to our questions. > > > > Anything else is essentially fluid and not really formalized. > > > > You'll get individual views on how our practices have developed in > > practice (cf. the other response in this thread by Ben Kochie). But > > views and opinions will vary, and you therefore cannot expect any of > > those practices to be applied consistently and systematically. > > > > -- > > Björn Rabenstein > > [PGP-ID] 0x851C3DA17D748D03 > > [email] [email protected] <javascript:> > > > > -- > You received this message because you are subscribed to the Google Groups > "Prometheus Developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/prometheus-developers/69b2f00f-9273-44a0-8e71-b8f3b787e8b0%40googlegroups.com. -- (o- Julien Pivotto //\ Open-Source Consultant V_/_ Inuits - https://www.inuits.eu -- You received this message because you are subscribed to the Google Groups "Prometheus Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/prometheus-developers/20200227161612.GA26706%40oxygen.
signature.asc
Description: PGP signature
