Merge pull request #10284 from ColtonWilley/security_policy_and_report_template

Publish wolfSSL Security Policy and Vulnerability Report Template
David Garske
2026-05-05 10:46:49 -07:00
committed by GitHub
3 changed files with 323 additions and 5 deletions
+6 -5
@@ -2,11 +2,12 @@
## Reporting a Vulnerability
If you discover a vulnerability, please report it to support@wolfssl.com
**Use of the wolfSSL Vulnerability Report Template is mandatory.** All security reports must use [`SECURITY-REPORT-TEMPLATE.md`](../SECURITY-REPORT-TEMPLATE.md), with every required field completed. Reports that do not use the template, or that leave required fields incomplete, will not receive CVE consideration.
1. Include a detailed description
2. Include method to reproduce and/or method of discovery
3. We will evaluate the report promptly and respond to you with findings.
4. We will credit you with the report if you would like.
Submit the completed template to **support@wolfssl.com**.
Non-template submissions may still be reviewed on the merits and, where appropriate, addressed as hardening fixes in a future release.
**Please keep the vulnerability private** until a fix has been released.
For the full policy — severity rubric, coordinated-disclosure practice, and reporter credit — see [`SECURITY-POLICY.md`](../SECURITY-POLICY.md).
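Review bot: The sentence ending "will not receive CVE consideration" in the mandatory-template paragraph sits several lines away from its qualifier, "Non-template submissions may still be reviewed on the merits", so a reporter who stops reading at the first sentence may conclude that an off-template report is simply discarded. Consider placing the two sentences next to each other. The section also asks reporters to "keep the vulnerability private" while the only submission channel named is support@wolfssl.com; if an encrypted submission option exists, name it here or confirm that SECURITY-POLICY.md covers it. It is also worth checking that the `../` relative links to both documents resolve from this file's location, since the file path is not visible in this view.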