Skip to content

Latest commit

 

History

History
37 lines (26 loc) · 1.66 KB

SECURITY.md

File metadata and controls

37 lines (26 loc) · 1.66 KB

Reporting vulnerabilities

Arm takes security issues seriously and welcomes feedback from researchers and the security community in order to improve the security of its products and services. We operate a coordinated disclosure policy for disclosing vulnerabilities and other security issues.

Security issues can be complex and one single timescale doesn't fit all circumstances. We will make best endeavours to inform you when we expect security notifications and fixes to be available and facilitate coordinated disclosure when notifications and patches/mitigations are available.

How to Report a Potential Vulnerability?

If you would like to report a public issue (for example, one with a released CVE number), please contact the meta-arm mailing list at meta-arm@lists.yoctoproject.org and arm-security@arm.com.

If you are dealing with a not-yet released or urgent issue, please send a mail to the maintainers (see README.md) and arm-security@arm.com, including as much detail as possible. Encrypted emails using PGP are welcome.

For more information, please visit https://developer.arm.com/support/arm-security-updates/report-security-vulnerabilities.

Branches maintained with security fixes

meta-arm follows the Yocto release model, so see [https://wiki.yoctoproject.org/wiki/Stable_Release_and_LTS Stable release and LTS] for detailed info regarding the policies and maintenance of stable branches.

The [https://wiki.yoctoproject.org/wiki/Releases Release page] contains a list of all releases of the Yocto Project. Versions in grey are no longer actively maintained with security patches, but well-tested patches may still be accepted for them for significant issues.