github/open62541
7
0
Fork 0
mirror of https://github.com/open62541/open62541.git synced 2025-06-03 04:00:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(docs): Add SECURITY.md

Browse Source
This commit is contained in:
Julius Pfrommer 2024-11-06 21:30:16 +01:00 committed by GitHub
parent d77bcd13b1
commit 15b14208c2
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 45 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
SECURITY.md Normal file
View File

@ -0,0 +1,45 @@
# Security Policy
## Supported Versions
The following versions of open62541 are monitored for vulnerabilities and are part of our vulnerability handling and release process.
| Version | Community Support | Commercial Support Available |
| --------- | ------------------- | ---------------------------- |
| master | :heavy_check_mark: | :heavy_check_mark: |
| v1.4.x | :heavy_check_mark: | :heavy_check_mark: |
| v1.3.x | :last_quarter_moon: | :heavy_check_mark: |
| <= v1.2.x | :last_quarter_moon: | :heavy_check_mark: |
| <= v1.0.x | :x: | :last_quarter_moon: |
## Reporting a Vulnerability
Security vulnerabilities can be disclosed privately to the mailing list open62541-security@googlegroups.com.
The disclosure triggers an evaluation of the vulnerability.
Depending on the criticality, the follow-up comprises of the following steps:
- Responsible disclosure of the vulnerability to critical professional users (with an embargo period)
- Commit of the fix to the public repository
- Backporting of the fix to past release families
- Preparation of patch releases
- Public disclosure of the vulnerability
You can send us encrypted email with PGP using this public key:
```
-----BEGIN PGP PUBLIC KEY BLOCK-----
mDMEZyvNHBYJKwYBBAHaRw8BAQdAVVciLHk9qEu38ZmqGfUuB9SD7lvw6Z8lTm6G
H2zqh4O0NG9wZW42MjU0MSBUZWFtIDxvcGVuNjI1NDEtc2VjdXJpdHlAZ29vZ2xl
Z3JvdXBzLmNvbT6ImQQTFgoAQRYhBMlp8zR7pjG9VoaVFK5VKNbXA7F8BQJnK80c
AhsDBQkFoxmUBQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheAAAoJEK5VKNbXA7F8
vLcBAIC7/R5gZrqXm+js+tQrMgua/7Rr8h2CGC8GVogwLmYBAQDF9XzoZMBPQu5j
Vtudpc3lzQy4g8qzIvtwTaQe4KOhCLg4BGcrzRwSCisGAQQBl1UBBQEBB0Acmd51
rRZ3697if50xOUeu2tdHjOWMn+P3Ga5/2ZIGKwMBCAeIfgQYFgoAJhYhBMlp8zR7
pjG9VoaVFK5VKNbXA7F8BQJnK80cAhsMBQkFoxmUAAoJEK5VKNbXA7F8y4UA/RSe
NKKvTqtDayyNn6kRKLnuBAPlXTjvpMARcSMFe9APAQCdu22yS4KB3cGBHoXMSTwO
tfp1v8HATMXKB65FmujmBg==
=Juz6
-----END PGP PUBLIC KEY BLOCK-----
```