This document outlines the security procedures and policies for the Open-CMSIS-Pack cmsis-toolbox project.
The Open-CMSIS-Pack cmsis-toolbox maintainers take security issues seriously and appreciate responsible disclosure. Your efforts to improve project security are highly valued.
We use GitHub's private vulnerability reporting. To submit a report, please include:
- A detailed description of the issue
- Steps to reproduce the vulnerability
- Affected project versions
- Any known mitigations
A maintainer will acknowledge your report as soon as possible and guide the next steps. We will keep you informed of progress toward a fix and may request additional details if needed.
Once a security issue is reported, the maintainers will:
- Confirm the issue
- Identify/Confirm affected versions
- Audit related code for similar vulnerabilities
- Develop and release patches for maintained versions
If you have suggestions for improving this process, please open an issue or submit a pull request.