{"id":13510474,"url":"https://github.com/tailscale/security-policies","last_synced_at":"2025-10-18T20:52:55.986Z","repository":{"id":60681469,"uuid":"530863269","full_name":"tailscale/security-policies","owner":"tailscale","description":"Security policies for Tailscale","archived":false,"fork":false,"pushed_at":"2025-04-22T21:11:36.000Z","size":44,"stargazers_count":287,"open_issues_count":1,"forks_count":34,"subscribers_count":20,"default_branch":"main","last_synced_at":"2025-04-23T07:07:25.380Z","etag":null,"topics":["policy","security"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"cc0-1.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tailscale.png","metadata":{"files":{"readme":"README.md","changelog":"change-management/index.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-08-30T23:12:05.000Z","updated_at":"2025-04-22T21:11:38.000Z","dependencies_parsed_at":"2024-10-18T18:52:02.542Z","dependency_job_id":"6a27db0b-48c4-4f07-bff6-59859021c90a","html_url":"https://github.com/tailscale/security-policies","commit_stats":null,"previous_names":["tailscale/security-policies","tailscale/policies"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tailscale%2Fsecurity-policies","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tailscale%2Fsecurity-policies/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tailscale%2Fsecurity-policies/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tailscale%2Fsecurity-policies/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tailscale","download_url":"https://codeload.github.com/tailscale/security-policies/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250386755,"owners_count":21422028,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["policy","security"],"created_at":"2024-08-01T02:01:40.496Z","updated_at":"2025-10-18T20:52:55.877Z","avatar_url":"https://github.com/tailscale.png","language":null,"funding_links":[],"categories":["Others","security"],"sub_categories":[],"readme":"# Tailscale Security Policies\n\nTailscale has several security policies in place to properly identify, respond to, and mitigate potential security risks. All employees, vendors and contractors working with Tailscale must follow these policies in order to best protect Tailscale’s and its customers’ data.\n\nWe’ve published these publicly for transparency, so that you can see where we are in terms of security maturity. We also hope you use these to adopt similar policies and processes at your organization.\n\n_Since these are our internal policies, some links to internal documents or resources are only visible to employees._\n\nThis repository is the source of truth for the policies available at https://tailscale.com/security-policies/.\n\nThese policies were last reviewed on 2025-04-07.\n\n### FAQ\n\n### What policies are included?\n\nThis repository includes:\n* [Personnel policy](/personnel/index.md)\n* [Risk assessment policy](/risk-assessment/index.md)\n* [Information classification policy](/information-classification/index.md)\n* [Third party vendor review policy](/vendor/index.md)\n* [Incident response policy](/incident-response-policy/index.md)\n* [Incident response process](/incident-response-process/index.md)\n* [BCP/DR policy](/bcp-dr/index.md)\n* [Access control policy](/access-control/index.md)\n* [Password policy](/password/index.md)\n* [Change management policy](/change-management/index.md)\n* [Testing policy](/testing/index.md)\n* [Patch management policy](/patch-management/index.md)\n* [Data retention and deletion policy](/data-retention-deletion/index.md)\n* [Incident disclosure and notification policy](/incident-disclosure/index.md)\n\n### When does Tailscale review or update these policies?\n\nThe Chief Operating Officer is responsible for reviewing and updating security policies on an annual basis.\nSee [overview](/overview.md) of policies.\n\n### Why don't you use the stronger security control X for the Y policy?\n\nThese policies do reflect the current state of Tailscale's security practices.\nAre they perfect? Absolutely not. We hope to improve them over time.\n\n### Why are these policies in Git?\n\nThese policies are in Git for document control, to track what changes were made over time, by whom, and who reviewed and approved those changes.\n\n### Why are some links broken, like to the Code of Conduct?\n\nSince these are Tailscale's internal policies, some links to internal documents or resources are only visible to employees.\n\n### Why did Tailscale publish these policies?\n\nThese policies are published and available under CC0-1.0 in order to:\n* Be transparent about where we are in terms of security at Tailscale.\n* Help you be inspired by these policies as you complete your own SOC 2 audit or improve your own organization's security.\n\n### Can I use these security policies?\n\nYes! Feel free to be inspired by Tailscale's internal security policies for use in your own organization. These policies are available under CC0-1.0.\n\n## Contributing\n\nWe do not accept public contributions or issues on this repository. This is because this repository acts as the source of truth for Tailscale's internal policies. If you are a Tailscale user, and have a question or concern about one of these policies, please contact info@tailscale.com.\n\nWe may consider public comment on proposed changes.\n\n## Acknowledgements\n\n@danderson, @rachlubman, @DentonGentry, and @mayakacz, with feedback from Tailscale employees and auditors.\n\n## License\n\nDedicated to the public domain under CC0-1.0 by Tailscale and contributors.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftailscale%2Fsecurity-policies","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftailscale%2Fsecurity-policies","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftailscale%2Fsecurity-policies/lists"}