RIOT-OS / RIOT

RIOT - The friendly OS for IoT
https://riot-os.org
GNU Lesser General Public License v2.1

Improve visibility of security team #10752

Open pyropeter opened 5 years ago

pyropeter commented 5 years ago

When @nmeum and I wanted to disclose a vulnerability yesterday, I was convinced that RIOT didn't have a security team. This caused us to assess the impact ourselves and choose a full-disclosure strategy. To our surprise, @miri64 et al. immediately started to mitigate the issue, leading to it being fixed less than 24 hours after disclosure. Please accept my apologies for putting you through all that stress and a sleepless night!

In an attempt to still get something productive from this experience, I will now list ways in which I could have noticed the existence of a security team (in a rather obvious attempt at justifying myself, I guess (again, sorry...)):

miri64 commented 5 years ago
  • [ ] Mention in the "New issue" template

Hopefully #10756 helps to make it even more obvious at least in the issue templates.

Teufelchen1 commented 10 months ago

Marked "Mention on http://riot-os.org/" as completed: the FAQ explains the procedure. Marked "Mention on https://github.com/RIOT-OS/RIOT" as completed: we have had a security.md since 2020. Marked "Create a list of security incidents" as completed: those can now be seen in the "Security" tab of the GitHub repository.

Create a list of security incidents (e.g. https://tls.mbed.org/security)

Funny side note, that link is dead (naturally).