michaelh/zephyr
1
0
Fork 0
Code Releases Activity

doc: security/etsi: Provision 5.2.2 assessment

Browse source 
Add self-assessment for provision 5.2.2

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
This commit is contained in:
Flavio Ceolin 2024-05-08 12:34:26 -07:00 committed by Carles Cufí
commit da255c3e3d
2 changed files with 4 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
doc/security/reporting.rst
View file

@ -101,6 +101,8 @@ and 2. Exploitability of the issue. Issues that the subcommittee
decides do not need an embargo will be reproduced in the regular decides do not need an embargo will be reproduced in the regular
Zephyr project bug tracking system. Zephyr project bug tracking system.
.. _vulnerability_timeline:
Security sensitive vulnerabilities shall be made public after an Security sensitive vulnerabilities shall be made public after an
embargo period of at most 90 days. The intent is to allow 30 days embargo period of at most 90 days. The intent is to allow 30 days
within the Zephyr project to fix the issues, and 60 days for external within the Zephyr project to fix the issues, and 60 days for external

4
doc/security/standards/etsi-303645.rst
View file

@ -245,8 +245,8 @@ Provisions Assessment
* - Provision 5.2-2 * - Provision 5.2-2
- Disclosed vulnerabilities should be acted on in a timely manner. - Disclosed vulnerabilities should be acted on in a timely manner.
- R - R
- - Y
- - :ref:`Vulnerability Timeline <vulnerability_timeline>`
.. _ETSI_Provision_5_2_3: .. _ETSI_Provision_5_2_3:
* - Provision 5.2-3 * - Provision 5.2-3