a21abf249c
There was no mention of our security email address, nor of our security process, in the repo, which made them hard to discover for contributors. Also, this filename is recognized by github: https://docs.github.com/en/github/managing-security-vulnerabilities/adding-a-security-policy-to-your-repository Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
18 lines
624 B
Markdown
18 lines
624 B
Markdown
## Reporting Vulneratibilities
|
|
|
|
If you think you have found an Mbed TLS security vulnerability, then please
|
|
send an email to the security team at
|
|
<mbed-tls-security@lists.trustedfirmware.org>.
|
|
|
|
## Security Incident Handling Process
|
|
|
|
Our security process is detailled in our [security
|
|
center](https://developer.trustedfirmware.org/w/mbed-tls/security-center/).
|
|
|
|
Its primary goal is to ensure fixes are ready to be deployed when the issue
|
|
goes public.
|
|
|
|
## Maintained branches
|
|
|
|
Only the maintained branches, as listed in BRANCHES.md, get security fixes.
|
|
Users are urged to always use the latest version of a maintained branch.
|