Added vulnerability reporting process SECURITY.md (#279)
## Checklist
<!-- Put an `x` in the boxes. All tasks must be completed and boxes
checked before merging. -->
- [x] 🤖 This change is covered by unit tests as required.
- [x] 🤹 All required manual testing has been performed.
- [x] 🛡️ Security impacts have been considered.
- [x] 📖 All documentation updates are complete.
- [x] 🧠 This change does not change third-party dependencies
The Open-CMSIS-Pack cmsis-toolbox maintainers take security issues seriously and appreciate responsible disclosure. Your efforts to improve project security are highly valued.
13
+
14
+
We use GitHub's [private vulnerability reporting](https://docs.github.com/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability). To submit a report, please include:
15
+
16
+
- A detailed description of the issue
17
+
- Steps to reproduce the vulnerability
18
+
- Affected project versions
19
+
- Any known mitigations
20
+
21
+
A maintainer will acknowledge your report as soon as possible and guide the next steps. We will keep you informed of progress toward a fix and may request additional details if needed.
22
+
23
+
## Vulnerability Management
24
+
25
+
Once a security issue is reported, the maintainers will:
26
+
27
+
1. Confirm the issue
28
+
2. Identify/Confirm affected versions
29
+
3. Audit related code for similar vulnerabilities
30
+
4. Develop and release patches for maintained versions
31
+
32
+
## Improving This Policy
33
+
34
+
If you have suggestions for improving this process, please open an issue or submit a pull request.
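Review bot: the acknowledgement paragraph (new line 21, "A maintainer will acknowledge your report as soon as possible") sets no response window, and step 4 under "Vulnerability Management" promises patches for "maintained versions" while the lines shown never say which versions those are. Suggest stating a target acknowledgement time and adding or linking a supported-versions list, so a reporter can tell whether the version they tested is in scope and when to follow up. The lines shown also do not say when a fixed issue is disclosed publicly; a sentence on advisory publication and reporter credit after the numbered list would cover that.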