From 5ea6a891c1394e0eb24ab8890696cb46627d3ae6 Mon Sep 17 00:00:00 2001 From: Bryan Hunt Date: Sat, 20 Mar 2021 21:07:46 -0600 Subject: [PATCH] Add security policy --- SECURITY.md | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..770a76d10 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,29 @@ +# Security Policy + +We take the security of cryptoauthlib very seriously. Please submit security vulnerabilities to +the Microchip Product Security Incident Response Team (PSIRT) which is responsible for receiving +and responding to reports of potential security vulnerabilities in our products, as well as in +any related hardware, software, firmware, and tools. Please see below for instructions on how +to submit your report. + +## Supported Versions + +The previous API version is maintained for a year after a new version is released. + +| Version | Supported | Notes | +| ------- | ------------------ | ----- | +| 3.3.x | :heavy_check_mark: | | +| 3.2.x | :heavy_check_mark: | Security updates until January 2022 | +| < 3.2 | :x: | | + +## Reporting a Vulnerability + +[How to Report Potential Product Security Vulnerabilities](https://www.microchip.com/design-centers/embedded-security/how-to-report-potential-product-security-vulnerabilities) + +Once a report is received, the PSIRT will take the necessary steps to review the issue +and determine what actions might be required to address any potential impacts to our products. +Microchip PSIRT follows a coordinated vulnerability responsible disclosure policy that is available +for review. + +Please use the above instructions to securely submit your findings - We ask that you refrain from +reporting vulnerabilties through the public github issues system.
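Review bot: The closing paragraph of the new SECURITY.md misspells "vulnerabilties" and writes "github" in lowercase; suggest "reporting vulnerabilities through the public GitHub issues system." In the paragraph before it, the disclosure policy is described as "available for review" but no link or location is given, so a reader cannot find it from this file. Consider linking it next to the reporting URL. The phrase "coordinated vulnerability responsible disclosure policy" also runs two terms together, so it would read better with one of them. In the Supported Versions table, the Notes column header is followed by empty cells for 3.3.x and < 3.2. A short note on the < 3.2 row pointing users to upgrade would make the unsupported status actionable.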