cederom commented on code in PR #17583:
URL: https://github.com/apache/nuttx/pull/17583#discussion_r2650162843


##########
Documentation/security.rst:
##########
@@ -0,0 +1,158 @@
+========
+Security
+========
+
+.. toctree::
+
+Known vulnerabilities
+=====================
+
+Apache NuttX RTOS vulnerabilities are labelled with CVE (Common
+Vulnerabilities and Exposures) identifiers. List of known, responsibly
+disclosed, and fixed vulnerabilities are publicly available online at
+`CVE.ORG <https://www.cve.org/CVERecord/SearchResults?query=nuttx>`_.
+Offline bundled version is located at the bottom of this page in the
+`NuttX CVEs`_ section.
+
+Reporting Vulnerabilities
+=========================
+
+Security related issues are handled in compliance with
+`The Apache Security Team Guide <https://www.apache.org/security/>`_
+and `Apache Committers Security Guide
+<https://www.apache.org/security/committers.html>`_.
+Please read these documents carefully before submitting and/or
+handling a security vulnerability.
+
+.. warning::
+  Do not enter details of security vulnerabilities in a project's public
+  bug tracker, issues, or pull requests. Do not make information about
+  the vulnerability public until it is formally announced at the end
+  of this process. Messages associated with any commits should not make
+  any reference to the security nature of the commit.
+
+
+Below is an extract of the most important information:
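Review bot: The `.. toctree::` directive near the top of the new file has no entries and no options, so it contributes nothing to the rendered page; either list the documents it should include or drop it. In the "Known vulnerabilities" paragraph, "List of known, responsibly disclosed, and fixed vulnerabilities are publicly available" has a subject-verb mismatch and is missing articles; suggest "A list of known, responsibly disclosed, and fixed vulnerabilities is publicly available online at ..." and "An offline bundled version is located ...". That paragraph also links to `NuttX CVEs`_, which resolves only if a section with exactly that title exists further down the file, outside the lines quoted here, so please confirm the title matches. Finally, there are two blank lines before "Below is an extract of the most important information:", where one would be consistent with the rest of the file.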

Review Comment:
   yes, just to have all-in-one place hints for reporters and handlers and part of the documentation :-)



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.