TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TF-M / trusted-firmware-m / f7a4404db32c5c3c609d7fa696374f3c05fb7336^! / . / docs / security / index.rst
commitf7a4404db32c5c3c609d7fa696374f3c05fb7336[log] [tgz]
authorAnton Komlev <anton.komlev@arm.com>Thu Jan 26 14:50:22 2023 +0000
committerAnton Komlev <Anton.Komlev@arm.com>Fri Feb 10 13:00:26 2023 +0100
treee4087121acb5f6f2adcdbc83637ab47e5473d497
parent267e5c037d7a1c5227ea38aadaa3014223f9aae8 [diff] [blame]
Docs: Tidy up the security section

Signed-off-by: Anton Komlev <anton.komlev@arm.com>
Change-Id: I71cac0e19434def9c73859275b3130798f2efd0d

diff --git a/docs/security/index.rst b/docs/security/index.rst
index 22bdcba..736c799 100644
--- a/docs/security/index.rst
+++ b/docs/security/index.rst

@@ -1,12 +1,54 @@
+########
 Security
-========
+########
+
 .. toctree::
     :maxdepth: 1
-    :glob:
 
-    */index
-    *
+    Threat Model <threat_models/index>
+    Security Advisories <security_advisories/index>
+
+Security Disclosures
+--------------------
+
+Trusted Firmware-M(TF-M) disclose all security vulnerabilities, or are advised
+about, that are relevant to TF-M. TF-M encourage responsible disclosure of
+vulnerabilities and try the best to inform users about all possible issues.
+
+The TF-M vulnerabilities are disclosed as Security Advisories, all of which are
+listed at the bottom of this page.
+
+Found a Security Issue?
+-----------------------
+
+Although TF-M try to keep secure, it can only do so with the help of the
+community of developers and security researchers.
+
+.. warning::
+   If any security vulnerability was found, please **do not**
+   report it in the `issue tracker`_ or on the `mailing list`_. Instead, please
+   follow the `TrustedFirmware.org security incident process`_.
+
+One of the goals of this process is to ensure providers of products that use
+TF-M have a chance to consider the implications of the vulnerability and its
+remedy before it is made public. As such, please follow the disclosure plan
+outlined in the `Security Incident Process`_. TF-M do the best to respond and
+fix any issues quickly.
+
+Afterwards, write-up all the findings about the TF-M source code is highly
+encouraged.
+
+Attribution
+-----------
+
+TF-M values researchers and community members who report vulnerabilities and
+TF-M policy is to credit the contributor's name in the published security advisory.
+
+.. _issue tracker: https://developer.trustedfirmware.org/project/view/2/
+.. _mailing list: https://lists.trustedfirmware.org/mailman/listinfo/tf-m
+.. _TrustedFirmware.org security incident process: https://developer.trustedfirmware.org/w/collaboration/security_center/
+.. _Security Incident Process: https://developer.trustedfirmware.org/w/collaboration/security_center/reporting/
 
 --------------
 
-*Copyright (c) 2021, Arm Limited. All rights reserved.*
+*Copyright (c) 2020-2023, Arm Limited. All rights reserved.*