* [PATCH] Add SECURITY.md
@ 2024-03-18 13:37 ross.burton
  2024-03-18 18:25 ` Jon Mason
  0 siblings, 1 reply; 4+ messages in thread
From: ross.burton @ 2024-03-18 13:37 UTC (permalink / raw)
  To: meta-arm

From: Ross Burton <ross.burton@arm.com>

---
 SECURITY.md | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..0fa6cbcd
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,37 @@
+# Reporting vulnerabilities
+
+Arm takes security issues seriously and welcomes feedback from researchers and
+the security community in order to improve the security of its products and
+services. We operate a coordinated disclosure policy for disclosing
+vulnerabilities and other security issues.
+
+Security issues can be complex and one single timescale doesn't fit all
+circumstances. We will make best endeavours to inform you when we expect
+security notifications and fixes to be available and facilitate coordinated
+disclosure when notifications and patches/mitigations are available.
+
+
+## How to Report a Potential Vulnerability?
+
+If you would like to report a public issue (for example, one with a released CVE
+number), please contact the meta-arm mailing list at
+meta-arm@lists.yoctoproject.org and arm-security@arm.com.
+
+If you are dealing with a not-yet released or urgent issue, please send a mail
+to the maintainers (see README.md) and arm-security@arm.com, including as much
+detail as possible.  Encrypted emails using PGP are welcome.
+
+For more information, please visit https://developer.arm.com/support/arm-security-updates/report-security-vulnerabilities.
+
+
+## Branches maintained with security fixes
+
+meta-arm follows the Yocto release model, so see
+[https://wiki.yoctoproject.org/wiki/Stable_Release_and_LTS Stable release and
+LTS] for detailed info regarding the policies and maintenance of stable
+branches.
+
+The [https://wiki.yoctoproject.org/wiki/Releases Release page] contains a list of all
+releases of the Yocto Project. Versions in grey are no longer actively maintained with
+security patches, but well-tested patches may still be accepted for them for
+significant issues.
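Review bot: In the "How to Report a Potential Vulnerability?" section, "Encrypted emails using PGP are welcome." gives the reporter nothing to encrypt to: the file names no key fingerprint, keyserver or URL for the maintainers or for arm-security@arm.com. Suggest adding the fingerprint or a direct link to where the key is published, so that someone holding a not-yet-released issue does not have to ask for the key in cleartext first. The same paragraph sends urgent reports to "the maintainers (see README.md)"; naming the README section that lists them would save the reporter a search.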
-- 
2.34.1




* Re: [PATCH] Add SECURITY.md
  2024-03-18 13:37 [PATCH] Add SECURITY.md ross.burton
@ 2024-03-18 18:25 ` Jon Mason
  0 siblings, 0 replies; 4+ messages in thread
From: Jon Mason @ 2024-03-18 18:25 UTC (permalink / raw)
  To: meta-arm, ross.burton


On Mon, 18 Mar 2024 13:37:30 +0000, ross.burton@arm.com wrote:
> 
> 

Applied, thanks!

[1/1] Add SECURITY.md
      commit: c93a1459dafa86a0bef346e95f688e7c32bc5eef

Best regards,
-- 
Jon Mason <jon.mason@arm.com>



* [PATCH] Add SECURITY.md
@ 2023-10-17 15:25 Marta Rybczynska
  0 siblings, 0 replies; 4+ messages in thread
From: Marta Rybczynska @ 2023-10-17 15:25 UTC (permalink / raw)
  To: openembedded-core; +Cc: Marta Rybczynska, Marta Rybczynska

Add a SECURITY.md file with hints for security researchers and other
parties who might report potential security vulnerabilities.

Signed-off-by: Marta Rybczynska <marta.rybczynska@syslinbit.com>
---
 SECURITY.md | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000000..900da76e59
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,17 @@
+How to Report a Vulnerability?
+==============================
+
+Please send a message to security AT yoctoproject DOT org, including as many details
+as possible: the layer or software module affected, the recipe and its version,
+and any example code, if available.
+
+Branches maintained with security fixes
+---------------------------------------
+
+See [https://wiki.yoctoproject.org/wiki/Stable_Release_and_LTS Stable release and LTS]
+for detailed info regarding the policies and maintenance of Stable branch.
+
+The [https://wiki.yoctoproject.org/wiki/Releases Release page] contains a list of all
+releases of the Yocto Project. Versions in grey are no longer actively maintained with
+security patches, but well-tested patches may still be accepted for them for
+significant issues.
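Review bot: The two links under "Branches maintained with security fixes" use MediaWiki syntax, "[https://wiki.yoctoproject.org/wiki/Releases Release page]", which Markdown does not treat as a link, so in a file named SECURITY.md they will show up as literal bracketed text. Suggest the Markdown form "[Release page](https://wiki.yoctoproject.org/wiki/Releases)" for both links. Minor wording point in the same section: "maintenance of Stable branch" reads better as "maintenance of stable branches".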
-- 
2.39.2




* [PATCH] Add SECURITY.md
@ 2023-10-17 15:23 Marta Rybczynska
  0 siblings, 0 replies; 4+ messages in thread
From: Marta Rybczynska @ 2023-10-17 15:23 UTC (permalink / raw)
  To: bitbake-devel; +Cc: Marta Rybczynska, Marta Rybczynska

Add a SECURITY.md file with hints for security researchers and other
parties who might report potential security vulnerabilities.

Signed-off-by: Marta Rybczynska <marta.rybczynska@syslinbit.com>
---
 SECURITY.md | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..900da76e
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,17 @@
+How to Report a Vulnerability?
+==============================
+
+Please send a message to security AT yoctoproject DOT org, including as many details
+as possible: the layer or software module affected, the recipe and its version,
+and any example code, if available.
+
+Branches maintained with security fixes
+---------------------------------------
+
+See [https://wiki.yoctoproject.org/wiki/Stable_Release_and_LTS Stable release and LTS]
+for detailed info regarding the policies and maintenance of Stable branch.
+
+The [https://wiki.yoctoproject.org/wiki/Releases Release page] contains a list of all
+releases of the Yocto Project. Versions in grey are no longer actively maintained with
+security patches, but well-tested patches may still be accepted for them for
+significant issues.
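Review bot: The reporting paragraph under "How to Report a Vulnerability?" gives only "security AT yoctoproject DOT org" and does not say whether mail to that address is kept private, nor what a reporter should do with an issue that is not yet public. Suggest one sentence stating how reports to that address are handled (who reads them, whether they are archived publicly) and whether encrypted mail is accepted. The address is also written in obfuscated form, so it cannot be copied directly; if that is intentional it is fine, but it is worth confirming as a deliberate choice.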
-- 
2.39.2



