Merge pull request #18574 from chrysn-pull-requests/cpe-reference

security: Reference CPE used for RIOT
2025-12-24 05:53:49 +01:00 · 2022-09-11 21:07:12 +02:00 · 2022-09-11 21:07:12 +02:00 · dfcd2e519b
commit dfcd2e519b
parent 4c5ff03029 8cb77c1091
1 changed files with 5 additions and 0 deletions
--- a/SECURITY.md
+++ b/SECURITY.md
@ -3,6 +3,11 @@
 All security bugs reported will be silently fixed in `master` and backported
 to the previous release.

+When CVE numbers are assigned to RIOT vulnerabilities, they are associated with
+[CPE] identifiers in the shape of `cpe:2.3:o:riot-os:riot:<VERSION>`.
+
+[CPE]: https://nvd.nist.gov/products/cpe
+
 ## Reporting a Vulnerability

 If a security issue is discovered, please report it to security@riot-os.org.