From ca61d6e2afdd10f9f72f724a1dd64b18b6363d23 Mon Sep 17 00:00:00 2001 From: Mahavir Jain Date: Fri, 24 Jun 2022 11:11:38 +0800 Subject: [PATCH] Add security policy guidelines Add basic information about process for reporting security vulnerabilities in Espressif solutions. This filename is recognized by GitHub: https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository --- SECURITY.md | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000000..a8ef33fecf --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,9 @@ +# Security Policy + +## Supported Versions + +Please refer to https://docs.espressif.com/projects/esp-idf/en/latest/esp32/versions.html#support-periods for more details on ESP-IDF supported versions and support period policy. + +## Reporting a Vulnerability + +If you think you have found a security vulnerability in Espressif solutions (including ESP-IDF), then please send an email to our Bug Bounty team at bugbounty@espressif.com. Please do **NOT** create a public GitHub issue.