-
Notifications
You must be signed in to change notification settings - Fork 221
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'main' of https://github.com/MicrochipTech/cryptoauthlib …
…into main
- Loading branch information
Showing
3 changed files
with
32 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
# Security Policy | ||
|
||
We take the security of cryptoauthlib very seriously. Please submit security vulnerabilities to | ||
the Microchip Product Security Incident Response Team (PSIRT) which is responsible for receiving | ||
and responding to reports of potential security vulnerabilities in our products, as well as in | ||
any related hardware, software, firmware, and tools. Please see below for instructions on how | ||
to submit your report. | ||
|
||
## Supported Versions | ||
|
||
The previous API version is maintained for a year after a new version is released. | ||
|
||
| Version | Supported | Notes | | ||
| ------- | ------------------ | ----- | | ||
| 3.3.x | :heavy_check_mark: | | | ||
| 3.2.x | :heavy_check_mark: | Security updates until January 2022 | | ||
| < 3.2 | :x: | | | ||
|
||
## Reporting a Vulnerability | ||
|
||
[How to Report Potential Product Security Vulnerabilities](https://www.microchip.com/design-centers/embedded-security/how-to-report-potential-product-security-vulnerabilities) | ||
|
||
Once a report is received, the PSIRT will take the necessary steps to review the issue | ||
and determine what actions might be required to address any potential impacts to our products. | ||
Microchip PSIRT follows a coordinated vulnerability responsible disclosure policy that is available | ||
for review. | ||
|
||
Please use the above instructions to securely submit your findings - We ask that you refrain from | ||
reporting vulnerabilties through the public github issues system. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters