kaspar/RIOT
1
0
Fork 0
mirror of https://github.com/RIOT-OS/RIOT.git synced 2025-12-13 16:43:52 +01:00
Code Releases Activity

SECURITY: Describe that declassification is an option

Browse Source
This commit is contained in:
chrysn 2023-01-15 15:37:05 +01:00
parent c8d60a2d31
commit 48f0ae23ff
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
SECURITY.md
View File

@ -20,6 +20,14 @@ bottom of this file.
[security-gpg]: https://riot-os.org/assets/keys/security.asc [security-gpg]: https://riot-os.org/assets/keys/security.asc
### Classification of a vulnerability
Unless the reporter explicitly requests not to do so,
the RIOT security maintainers may declassify an issue
if the issue is not deemed critical --
for example when it requires an unlikely combination of circumstances and/or configuration options,
or when it can only be exploited by a user who gains no additional privileges.
## Notification of a Vulnerability ## Notification of a Vulnerability
After a fix is provided the security issue will be privately disclosed to the After a fix is provided the security issue will be privately disclosed to the