mbedtls/SECURITY.md
Manuel Pégourié-Gonnard a21abf249c Add SECURITY.md
There was no mention of our security email address, nor of our security
process, in the repo, which made them hard to discover for contributors.

Also, this filename is recognized by github:
https://docs.github.com/en/github/managing-security-vulnerabilities/adding-a-security-policy-to-your-repository

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-02-25 12:50:42 +01:00

18 lines
624 B
Markdown

## Reporting Vulneratibilities
If you think you have found an Mbed TLS security vulnerability, then please
send an email to the security team at
<mbed-tls-security@lists.trustedfirmware.org>.
## Security Incident Handling Process
Our security process is detailled in our [security
center](https://developer.trustedfirmware.org/w/mbed-tls/security-center/).
Its primary goal is to ensure fixes are ready to be deployed when the issue
goes public.
## Maintained branches
Only the maintained branches, as listed in BRANCHES.md, get security fixes.
Users are urged to always use the latest version of a maintained branch.