cederom commented on code in PR #17583: URL: https://github.com/apache/nuttx/pull/17583#discussion_r2656634173
########## Documentation/security.rst: ########## @@ -0,0 +1,158 @@ +======== +Security +======== + +.. toctree:: + +Known vulnerabilities +===================== + +Apache NuttX RTOS vulnerabilities are labelled with CVE (Common +Vulnerabilities and Exposures) identifiers. List of known, responsibly +disclosed, and fixed vulnerabilities are publicly available online at +`CVE.ORG <https://www.cve.org/CVERecord/SearchResults?query=nuttx>`_. +Offline bundled version is located at the bottom of this page in the +`NuttX CVEs`_ section. + +Reporting Vulnerabilities +========================= + +Security related issues are handled in compliance with +`The Apache Security Team Guide <https://www.apache.org/security/>`_ +and `Apache Committers Security Guide +<https://www.apache.org/security/committers.html>`_. +Please read these documents carefully before submitting and/or +handling a security vulnerability. + +.. warning:: + Do not enter details of security vulnerabilities in a project's public + bug tracker, issues, or pull requests. Do not make information about + the vulnerability public until it is formally announced at the end + of this process. Messages associated with any commits should not make + any reference to the security nature of the commit. + + +Below is an extract of the most important information: + +1. Please report potential security vulnerabilities over email to + [email protected] and [email protected] **before disclosing Review Comment: i have stared vote if we want / need one, it will close on sunday, then we will know for sure what the decision is, and if positive i will request the address, after that i will switch this pr from draft to open :-) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
