From 8cb77c1091c66d2dfb9b466ae988b016dde8dfc0 Mon Sep 17 00:00:00 2001 From: chrysn Date: Sat, 10 Sep 2022 16:55:33 +0200 Subject: [PATCH] security: Reference CPE used for RIOT --- SECURITY.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/SECURITY.md b/SECURITY.md index f9a4a3fa3a..a913a33903 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -3,6 +3,11 @@ All security bugs reported will be silently fixed in `master` and backported to the previous release. +When CVE numbers are assigned to RIOT vulnerabilities, they are associated with +[CPE] identifiers in the shape of `cpe:2.3:o:riot-os:riot:`. + +[CPE]: https://nvd.nist.gov/products/cpe + ## Reporting a Vulnerability If a security issue is discovered, please report it to security@riot-os.org.