| Tom Cosgrove | 0b86ac1 | 2022-07-29 13:44:01 +0100 | [diff] [blame] | 1 | ## Reporting Vulnerabilities |
| Manuel Pégourié-Gonnard | a21abf2 | 2021-02-25 11:41:38 +0100 | [diff] [blame] | 2 | |
| 3 | If you think you have found an Mbed TLS security vulnerability, then please |
| 4 | send an email to the security team at |
| 5 | <mbed-tls-security@lists.trustedfirmware.org>. |
| 6 | |
| 7 | ## Security Incident Handling Process |
| 8 | |
| Shaun Case | 8b0ecbc | 2021-12-20 21:14:10 -0800 | [diff] [blame] | 9 | Our security process is detailed in our |
| Gilles Peskine | a23df13 | 2021-03-16 12:04:44 +0100 | [diff] [blame] | 10 | [security |
| Manuel Pégourié-Gonnard | a21abf2 | 2021-02-25 11:41:38 +0100 | [diff] [blame] | 11 | center](https://developer.trustedfirmware.org/w/mbed-tls/security-center/). |
| 12 | |
| 13 | Its primary goal is to ensure fixes are ready to be deployed when the issue |
| 14 | goes public. |
| 15 | |
| 16 | ## Maintained branches |
| 17 | |
| Gilles Peskine | a23df13 | 2021-03-16 12:04:44 +0100 | [diff] [blame] | 18 | Only the maintained branches, as listed in [`BRANCHES.md`](BRANCHES.md), |
| 19 | get security fixes. |
| Manuel Pégourié-Gonnard | a21abf2 | 2021-02-25 11:41:38 +0100 | [diff] [blame] | 20 | Users are urged to always use the latest version of a maintained branch. |