Skip to content
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 18 additions & 4 deletions .github/SECURITY.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,12 +2,26 @@

## Reporting a Vulnerability

**Use of the wolfSSL Vulnerability Report Template is mandatory.** All security reports must use [`SECURITY-REPORT-TEMPLATE.md`](../SECURITY-REPORT-TEMPLATE.md), with every required field completed. Reports that do not use the template, or that leave required fields incomplete, will not receive CVE consideration.
**Use of the wolfSSL Vulnerability Report Template is mandatory.** All security
reports must use [`SECURITY-REPORT-TEMPLATE.md`](../SECURITY-REPORT-TEMPLATE.md),
with every required field completed. Reports that do not use the template, or
that leave required fields incomplete, will not receive CVE consideration.

Submit the completed template to **support@wolfssl.com**.
Submit the completed template to **support@wolfssl.com**. You may also send it to
**secure@wolfssl.com** and encrypt it with our PGP key:

Non-template submissions may still be reviewed on the merits and, where appropriate, addressed as hardening fixes in a future release.
Fingerprint: A2A4 8E7B CB96 C5BE CB98 7314 EBC8 0E41 5CA2 9677
Key server: keys.openpgp.org

Non-template submissions may still be reviewed on the merits and, where
appropriate, addressed as hardening fixes in a future release.

**Please keep the vulnerability private** until a fix has been released.

For the full policy — severity rubric, coordinated-disclosure practice, and reporter credit — see [`SECURITY-POLICY.md`](../SECURITY-POLICY.md).
## Full Policy

For the full policy — severity rubric, scope, coordinated-disclosure practice,
and reporter credit — see [`SECURITY-POLICY.md`](../SECURITY-POLICY.md). The same
policy is also published at
<https://www.wolfssl.com/.well-known/vulnerability-disclosure-policy.txt> so that
other wolfSSL repositories can reference one canonical copy.
Loading