From ecad5b8966dd098fdc37dc448d66841bc6148131 Mon Sep 17 00:00:00 2001 From: Sandrine Bailleux Date: Wed, 12 Aug 2020 10:52:32 +0200 Subject: [PATCH] doc: Emphasize that security issues must not be reported as normal bugs Change-Id: I43e452c9993a8608b20ec029562982f5dcf8e6b2 Signed-off-by: Sandrine Bailleux --- docs/process/security.rst | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/docs/process/security.rst b/docs/process/security.rst index 0d59e723c..a3b9971e4 100644 --- a/docs/process/security.rst +++ b/docs/process/security.rst @@ -20,13 +20,15 @@ Found a Security Issue? Although we try to keep TF-A secure, we can only do so with the help of the community of developers and security researchers. -If you think you have found a security vulnerability, please **do not** report -it in the `issue tracker`_ or on the `mailing list`_. Instead, please follow the -`TrustedFirmware.org security incident process`_. One of the goals of this -process is to ensure providers of products that use TF-A have a chance to -consider the implications of the vulnerability and its remedy before it is made -public. As such, please follow the disclosure plan outlined in the process. We -do our best to respond and fix any issues quickly. +.. warning:: + If you think you have found a security vulnerability, please **do not** + report it in the `issue tracker`_ or on the `mailing list`_. Instead, please + follow the `TrustedFirmware.org security incident process`_. + +One of the goals of this process is to ensure providers of products that use +TF-A have a chance to consider the implications of the vulnerability and its +remedy before it is made public. As such, please follow the disclosure plan +outlined in the process. We do our best to respond and fix any issues quickly. Afterwards, we encourage you to write-up your findings about the TF-A source code.