opensc/SECURITY.md

# Security Policy

## Supported Versions

OpenSC releases are made roughly once a year, unless important security is discovered.

OpenSC does not release micro updates for previously released versions and does not
backport security fixes into them.

| Version  | Supported          |
| -------- | ------------------ |
| 0.20.0   | :white_check_mark: |
| < 0.20.0 | :x:                |

## Reporting a Vulnerability

If you discovered security vulnerability in supported version of OpenSC,
you can either fill an issue in [github](https://github.com/OpenSC/OpenSC/issues)
(note, that these issues are public!) or you can send email to any recently active
project developers frankmorgner(at)gmail.com, deengert(at)gmail.com and/or
jakuje(at)gmail.com .

You can expect update on the issue no later than in two weeks.
SECURITY.md: Introduce security reporting process 2020-06-11 12:58:13 +00:00			`# Security Policy`

			`## Supported Versions`

			`OpenSC releases are made roughly once a year, unless important security is discovered.`

			`OpenSC does not release micro updates for previously released versions and does not`
			`backport security fixes into them.`

			`\| Version \| Supported \|`
			`\| -------- \| ------------------ \|`
			`\| 0.20.0 \| :white_check_mark: \|`
			`\| < 0.20.0 \| :x: \|`

			`## Reporting a Vulnerability`

			`If you discovered security vulnerability in supported version of OpenSC,`
			`you can either fill an issue in [github](https://github.com/OpenSC/OpenSC/issues)`
			`(note, that these issues are public!) or you can send email to any recently active`
			`project developers frankmorgner(at)gmail.com, deengert(at)gmail.com and/or`
			`jakuje(at)gmail.com .`

			`You can expect update on the issue no later than in two weeks.`