tldr - powered by Generative AI

• The Security Committee assesses reported issues and works with code owners to determine if they are legitimate security issues.
• CVEs are issued for security issues and the release team is involved if the issue affects core Kubernetes.
• Distributors are notified for medium or high severity issues that may affect their users.
• The Bug Bounty program offers rewards for responsibly reported security issues.
• Reporting security issues through HackerOne or the email list is encouraged.