doc: security/etsi: Provision 5.2.2 assessment

Add self-assessment for provision 5.2.2 Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
2024-05-08 12:34:26 -07:00 · 2024-05-08 12:34:26 -07:00 · da255c3e3d
commit da255c3e3d
parent 2c3e1a3047
2 changed files with 4 additions and 2 deletions
--- a/doc/security/reporting.rst
+++ b/doc/security/reporting.rst
@ -101,6 +101,8 @@ and 2. Exploitability of the issue.  Issues that the subcommittee
 decides do not need an embargo will be reproduced in the regular
 Zephyr project bug tracking system.

+.. _vulnerability_timeline:
+
 Security sensitive vulnerabilities shall be made public after an
 embargo period of at most 90 days.  The intent is to allow 30 days
 within the Zephyr project to fix the issues, and 60 days for external
--- a/doc/security/standards/etsi-303645.rst
+++ b/doc/security/standards/etsi-303645.rst
@ -245,8 +245,8 @@ Provisions Assessment
    * - Provision 5.2-2
      - Disclosed vulnerabilities should be acted on in a timely manner.
      - R
-      -
-      -
+      - Y
+      - :ref:`Vulnerability Timeline  <vulnerability_timeline>`

        .. _ETSI_Provision_5_2_3:
    * - Provision 5.2-3