From 13828532b4b36fb91b216fbe871d4918546f0c28 Mon Sep 17 00:00:00 2001 From: David Hook Date: Tue, 19 Mar 2024 14:36:15 +1100 Subject: [PATCH] minor wording, added mention of FIPS --- SECURITY.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index ed92b93b20..3813599af0 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,14 +1,17 @@ # Security Policy ## Reporting a Vulnerability + If you think that you have found a security vulnerability, please report it to this email address: [feedback-crypto@bouncycastle.org](mailto:feedback-crypto@bouncycastle.org) Describe the issue including all details, for example: * Short summary of the problem * Steps to reproduce -* Affected product versions +* Affected API versions * Logs if available -The Keyfactor team will send a response indicating the next steps in handling your report. You may be asked to provide additional information or guidance. +The Bouncy Castle team will send a response indicating the next steps in handling your report. You may be asked to provide additional information or guidance. + +If the issue is confirmed as a vulnerability, we will open a Security Advisory and acknowledge your contributions as part of it. Optionally, you can have your name and contact information listed in [Contributors](https://www.bouncycastle.org/contributors.html) as well. -If the issue is confirmed as a vulnerability, we will open a Security Advisory and acknowledge your contributions as part of it. Optionally, you can have your name and contact information listed in [Contributors](https://www.bouncycastle.org/contributors.html). +Please note we endeavor to issue patched releases that deal with security issues as soon as they are made known to us, ideally prior to issuing a Security Advisory where otherwise possible. In some cases, particularly if it relates to a FIPS release, delays due to external processes may delay the issuing of a Security Advisory.
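Review bot: In the last added paragraph, "delays due to external processes may delay the issuing of a Security Advisory" is circular, and it gives the reporter no expectation of how they will learn that an advisory is being held back. Suggest wording along the lines of "external processes, particularly for a FIPS release, may delay the Security Advisory" and adding that the reporter will be informed when this applies. The same paragraph says patched releases are issued "ideally prior to issuing a Security Advisory" but does not say what is expected of the reporter during that window; a sentence on that would help. Separately, the bullet change from "Affected product versions" to "Affected API versions" is ambiguous: state whether this means the release version of the library in use, since that is what triage needs to reproduce the issue.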