From af69f7c6242a4a4e70ddea7df3a5b43314e3e705 Mon Sep 17 00:00:00 2001 From: Patrick Delaunay Date: Wed, 18 May 2022 19:22:06 +0200 Subject: [PATCH] SECURITY: add security guide to STMicroelectronics/u-boot repository Add security guide to STMicroelectronics/u-boot repository. Signed-off-by: Patrick Delaunay Change-Id: I8069a38339e6861e3c19212f4ffd15e448e67c47 Reviewed-on: https://gerrit.st.com/c/mpu/oe/st/u-boot/+/252911 Reviewed-by: Bernard PUEL Reviewed-by: Patrice CHOTARD --- SECURITY.md | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000000..4b3e4e6ba5 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,8 @@ +# Report potential product security vulnerabilities +ST places a high priority on security, and our Product Security Incident Response Team (PSIRT) is committed to rapidly addressing potential security vulnerabilities affecting our products. PSIRT's long history and vast experience in security allows ST to perform clear analyses and provide appropriate guidance on mitigations and solutions when applicable. +If you wish to report potential security vulnerabilities regarding our products, **please do not report them through public GitHub issues.** Instead, we encourage you to report them to our ST PSIRT following the process described at: **https://www.st.com/content/st_com/en/security/report-vulnerabilities.html** + +### IMPORTANT - READ CAREFULLY: +STMicroelectronics International N.V., on behalf of itself, its affiliates and subsidiaries, (collectively “ST”) takes all potential security vulnerability reports or other related communications (“Report(s)”) seriously. In order to review Your Report (the terms “You” and “Yours” include your employer, and all affiliates, subsidiaries and related persons or entities) and take actions as deemed appropriate, ST requires that we have the rights and Your permission to do so. +As such, by submitting Your Report to ST, You agree that You have the right to do so, and You grant to ST the rights to use the Report for purposes related to security vulnerability analysis, testing, correction, patching, reporting and any other related purpose or function. +By submitting Your Report, You agree that ST’s [Privacy Policy](https://www.st.com/content/st_com/en/common/privacy-portal.html) applies to all related communications.
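Review bot: The paragraphs under both headings in the new SECURITY.md sit on consecutive lines with no blank line between them (the line starting "ST places a high priority on security" is followed directly by the line starting "If you wish to report", and the three paragraphs under "IMPORTANT - READ CAREFULLY:" are adjacent in the same way), so a Markdown renderer will join each group into a single block and the request not to use public GitHub issues ends up buried mid-paragraph. Add a blank line after each heading and between the paragraphs. The heading level also jumps from `#` straight to `###`; using `## IMPORTANT - READ CAREFULLY:` would keep the outline consistent. Since the PSIRT reporting URL is the one actionable item in the file, consider putting it on its own line instead of at the end of a long sentence.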