kaspar/RIOT
1
0
Fork 0
mirror of https://github.com/RIOT-OS/RIOT.git synced 2025-12-27 07:21:18 +01:00
Code Releases Activity

Merge pull request #15516 from RIOT-OS/pr/security

Browse Source 
SECURITY.md: Add initial security policy
This commit is contained in:
Martine Lenders 2020-12-10 12:45:05 +01:00 committed by GitHub
commit 2f9eb58e0b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 31 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
SECURITY.md Normal file
View File

@ -0,0 +1,31 @@
# RIOT Security Policy
All security bugs reported will be silently fixed in `master` and backported
to the previous release.
## Reporting a Vulnerability
If a security issue is discovered, please report it to security@riot-os.org.
A response will be provided within one week.
The issue will be tracked in the [security mailing list](security@riot-os.org).
The original reporter will be included in the discussion of the issue.
## Notification of a Vulnerability
After a fix is provided the security issue will be privately disclosed to the
original reporter, RIOT security maintainers, and "Trusted RIOT Users".
A public announcement of the security fix will be made two weeks after the
point release, though this may vary depending on the severity and ability of
trusted RIOT users to provide the fix.
## Trusted RIOT Users
To access the "Trusted RIOT Users" notifications on the
[RIOT forum](https://forum.riot-os.org) please send information
on the RIOT based service or product as well as your
[forum](https://forum.riot-os.org) username to the
[security mailing list](security@riot-os.org).
Early notification of security bugs will be available and should not be shared
publicly.
If done, it will result in access removal from the "Trusted RIOT Users"
notifications.