SECURITY.md: Introduce security reporting process
This commit is contained in:
parent
929717b505
commit
c458d81723
|
@ -0,0 +1,23 @@
|
|||
# Security Policy
|
||||
|
||||
## Supported Versions
|
||||
|
||||
OpenSC releases are made roughly once a year, unless important security is discovered.
|
||||
|
||||
OpenSC does not release micro updates for previously released versions and does not
|
||||
backport security fixes into them.
|
||||
|
||||
| Version | Supported |
|
||||
| -------- | ------------------ |
|
||||
| 0.20.0 | :white_check_mark: |
|
||||
| < 0.20.0 | :x: |
|
||||
|
||||
## Reporting a Vulnerability
|
||||
|
||||
If you discovered security vulnerability in supported version of OpenSC,
|
||||
you can either fill an issue in [github](https://github.com/OpenSC/OpenSC/issues)
|
||||
(note, that these issues are public!) or you can send email to any recently active
|
||||
project developers frankmorgner(at)gmail.com, deengert(at)gmail.com and/or
|
||||
jakuje(at)gmail.com .
|
||||
|
||||
You can expect update on the issue no later than in two weeks.
|
Loading…
Reference in New Issue