Security

In this section, learn how the OpenTelemetry project discloses vulnerabilities and responds to incidents and discover what you can do to securely collect and transmit your observability data.

Common Vulnerabilities and Exposures (CVEs)

For CVEs across all repositories, see Common Vulnerabilities and Exposures.

Incident response

Learn how to report a vulnerability or find out how incident responses are handled in Community incident response guidelines.

Collector security

When setting up the OpenTelemetry Collector, consider implementing security best practices in both your hosting infrastructure and your Collector configuration. Running a secure Collector can help you

  • Protect telemetry that shouldn’t but might contain sensitive information, such as personally identifiable information (PII), application-specific data, or network traffic patterns.
  • Prevent data tampering that makes telemetry unreliable and disrupts incident responses.
  • Comply with data privacy and security regulations.
  • Defend against denial of service (DoS) attacks.

See Hosting best practices to learn how to secure your Collector’s infrastructure.

See Configuration best practices to learn how to securely configure your Collector.

For Collector component developers, see Security best practices.


Última modificación November 2, 2024: Add Collector security documentation (#5209) (d96ef10c)