diff mbox series

[yocto-autobuilder2] SECURITY.md: Add file

Message ID 20231024120221.1243945-1-richard.purdie@linuxfoundation.org
State New
Headers show
Series [yocto-autobuilder2] SECURITY.md: Add file | expand

Commit Message

Richard Purdie Oct. 24, 2023, 12:02 p.m. UTC 
Add a SECURITY.md file with hints for security researchers and other
parties who might report potential security vulnerabilities.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 SECURITY.md | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 SECURITY.md
diff mbox series

Patch

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..7ccecc1f
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,13 @@ 
+How to Report a Potential Vulnerability?
+========================================
+
+If you would like to report a public issue (for example, one with a released
+CVE number), please report it using the
+[https://bugzilla.yoctoproject.org/enter_bug.cgi?product=Security Security Bugzilla].
+If you have a patch ready, submit it following the same procedure as any other
+patch as described in README.md.
+
+If you are dealing with a not-yet released or urgent issue, please send a
+message to security AT yoctoproject DOT org, including as many details as
+possible: the layer or software module affected, the recipe and its version,
+and any example code, if available.