mirror of
https://git.yoctoproject.org/meta-arm
synced 2026-07-16 15:57:19 +00:00
Add SECURITY.md
This commit is contained in:
+37
@@ -0,0 +1,37 @@
|
|||||||
|
# Reporting vulnerabilities
|
||||||
|
|
||||||
|
Arm takes security issues seriously and welcomes feedback from researchers and
|
||||||
|
the security community in order to improve the security of its products and
|
||||||
|
services. We operate a coordinated disclosure policy for disclosing
|
||||||
|
vulnerabilities and other security issues.
|
||||||
|
|
||||||
|
Security issues can be complex and one single timescale doesn't fit all
|
||||||
|
circumstances. We will make best endeavours to inform you when we expect
|
||||||
|
security notifications and fixes to be available and facilitate coordinated
|
||||||
|
disclosure when notifications and patches/mitigations are available.
|
||||||
|
|
||||||
|
|
||||||
|
## How to Report a Potential Vulnerability?
|
||||||
|
|
||||||
|
If you would like to report a public issue (for example, one with a released CVE
|
||||||
|
number), please contact the meta-arm mailing list at
|
||||||
|
meta-arm@lists.yoctoproject.org and arm-security@arm.com.
|
||||||
|
|
||||||
|
If you are dealing with a not-yet released or urgent issue, please send a mail
|
||||||
|
to the maintainers (see README.md) and arm-security@arm.com, including as much
|
||||||
|
detail as possible. Encrypted emails using PGP are welcome.
|
||||||
|
|
||||||
|
For more information, please visit https://developer.arm.com/support/arm-security-updates/report-security-vulnerabilities.
|
||||||
|
|
||||||
|
|
||||||
|
## Branches maintained with security fixes
|
||||||
|
|
||||||
|
meta-arm follows the Yocto release model, so see
|
||||||
|
[https://wiki.yoctoproject.org/wiki/Stable_Release_and_LTS Stable release and
|
||||||
|
LTS] for detailed info regarding the policies and maintenance of stable
|
||||||
|
branches.
|
||||||
|
|
||||||
|
The [https://wiki.yoctoproject.org/wiki/Releases Release page] contains a list of all
|
||||||
|
releases of the Yocto Project. Versions in grey are no longer actively maintained with
|
||||||
|
security patches, but well-tested patches may still be accepted for them for
|
||||||
|
significant issues.
|
||||||
Reference in New Issue
Block a user