Add SECURITY.md
There was no mention of our security email address, nor of our security process, in the repo, which made them hard to discover for contributors. Also, this filename is recognized by github: https://docs.github.com/en/github/managing-security-vulnerabilities/adding-a-security-policy-to-your-repository Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard
parent
e699739f28
commit
a21abf249c
18
SECURITY.md
Normal file
18
SECURITY.md
Normal file
@ -0,0 +1,18 @@
|
||||
## Reporting Vulneratibilities
|
||||
|
||||
If you think you have found an Mbed TLS security vulnerability, then please
|
||||
send an email to the security team at
|
||||
<mbed-tls-security@lists.trustedfirmware.org>.
|
||||
|
||||
## Security Incident Handling Process
|
||||
|
||||
Our security process is detailled in our [security
|
||||
center](https://developer.trustedfirmware.org/w/mbed-tls/security-center/).
|
||||
|
||||
Its primary goal is to ensure fixes are ready to be deployed when the issue
|
||||
goes public.
|
||||
|
||||
## Maintained branches
|
||||
|
||||
Only the maintained branches, as listed in BRANCHES.md, get security fixes.
|
||||
Users are urged to always use the latest version of a maintained branch.
|
||||
Loading…
Reference in New Issue
Block a user