Posted to commits@nuttx.apache.org by xi...@apache.org on 2020/12/17 06:32:09 UTC

[incubator-nuttx] branch master updated: Add project GitHub Security Policy page

This is an automated email from the ASF dual-hosted git repository.

xiaoxiang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-nuttx.git


The following commit(s) were added to refs/heads/master by this push:
     new 0edb162  Add project GitHub Security Policy page
0edb162 is described below

commit 0edb162ba7e4e63b3bb242df8a72502048183caf
Author: Brennan Ashton <ba...@brennanashton.com>
AuthorDate: Wed Dec 16 20:29:00 2020 -0800

    Add project GitHub Security Policy page
    
    Signed-off-by: Brennan Ashton <ba...@brennanashton.com>
---
 .github/SECURITY.md | 17 +++++++++++++++++
 README.md           |  4 ++++
 2 files changed, 21 insertions(+)

diff --git a/.github/SECURITY.md b/.github/SECURITY.md
new file mode 100644
index 0000000..3f34d85
--- /dev/null
+++ b/.github/SECURITY.md
@@ -0,0 +1,17 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 10.0.x  | :heavy_check_mark: |
+| 9.1.x   | :heavy_check_mark: |
+| < 9.1   | :x:                |
+
+## Reporting a Vulnerability
+
+If you think you have found a possible vulnerability please reach out to the _private_ project mailing list
+private@nuttx.apache.org or the Apache Security list security@apache.org.
+
+Please **DO NOT** create a GitHub issue or email the project dev list as they are public.
+This project follows the Apache Vulnerability Handling Policy docuemnted [here](https://www.apache.org/security/committers.html#vulnerability-handling)
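Review bot: the last added line of .github/SECURITY.md misspells "documented" as "docuemnted" and ends without a period; both should be fixed before this lands. In the "Reporting a Vulnerability" paragraph the two addresses are joined by "or" with no indication of which one a reporter should prefer or what a report should contain, so a sentence on that would help. The "Supported Versions" table hard-codes 10.0.x and 9.1.x and will go stale unless it is updated with each release.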
diff --git a/README.md b/README.md
index c38fdb0..520320f 100644
--- a/README.md
+++ b/README.md
@@ -102,6 +102,10 @@ Get help using NuttX or contribute to the project on our mailing lists:
     * View the archives at:
       <https://www.mail-archive.com/commits@nuttx.apache.org/>
 
+## Reporting Security Issues
+
+Found a vulnerability? See our security policy [here](.github/SECURITY.md).
+
 ## Issue Tracker
 
 ### Bug Reports:
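Review bot: the new "Reporting Security Issues" section in README.md only links out with the text "here" and sits directly above "## Issue Tracker" and "### Bug Reports:", so a reader skimming the README reaches the public tracker without ever seeing the instruction to report privately. Suggest stating in the README itself that vulnerabilities should not be filed as GitHub issues, and using descriptive link text such as "security policy" instead of "here".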