# Security Policy

- [Security Policy](#security-policy)
  - [Reporting security problems](#reporting-security-problems)
  - [Vulnerability Management Plans](#vulnerability-management-plans)
    - [Critical Updates And Security Notices](#critical-updates-and-security-notices)

<a name="reporting"></a>
## Reporting security problems

**DO NOT CREATE AN ISSUE** to report a security problem. Instead, please
send an email to cncf-ExternalSecretsOp-maintainers@lists.cncf.io

<a name="vulnerability-management"></a>
## Vulnerability Management Plans

### Critical Updates And Security Notices

We learn about critical software updates and security threats from these sources

1. GitHub Security Alerts
2. [Dependabot](https://dependabot.com/) Dependency Updates

## Security Incident Response

Please follow the guide [SECURITY_RESPONSE.md](SECURITY_RESPONSE.md).