SECURITY.md: Introduce security reporting process
This commit is contained in:
parent
929717b505
commit
c458d81723
|
@ -0,0 +1,23 @@
|
||||||
|
# Security Policy
|
||||||
|
|
||||||
|
## Supported Versions
|
||||||
|
|
||||||
|
OpenSC releases are made roughly once a year, unless important security is discovered.
|
||||||
|
|
||||||
|
OpenSC does not release micro updates for previously released versions and does not
|
||||||
|
backport security fixes into them.
|
||||||
|
|
||||||
|
| Version | Supported |
|
||||||
|
| -------- | ------------------ |
|
||||||
|
| 0.20.0 | :white_check_mark: |
|
||||||
|
| < 0.20.0 | :x: |
|
||||||
|
|
||||||
|
## Reporting a Vulnerability
|
||||||
|
|
||||||
|
If you discovered security vulnerability in supported version of OpenSC,
|
||||||
|
you can either fill an issue in [github](https://github.com/OpenSC/OpenSC/issues)
|
||||||
|
(note, that these issues are public!) or you can send email to any recently active
|
||||||
|
project developers frankmorgner(at)gmail.com, deengert(at)gmail.com and/or
|
||||||
|
jakuje(at)gmail.com .
|
||||||
|
|
||||||
|
You can expect update on the issue no later than in two weeks.
|
Loading…
Reference in New Issue