Hi all

 

The new TrustedFirmware.org security incident process is now live. This process is described  here:

https://developer.trustedfirmware.org/w/collaboration/security_center/reporting/

 

Initially the process will be used for the following projects: TF-A, TF-M, OP-TEE and Mbed TLS. The security documentation for each project will be updated soon to reflect this change.

 

If you are part of an organization that believes it should receive security vulnerability information before it is made public then please ask your relevant colleagues to register as Trusted Stakeholders as described here:

https://developer.trustedfirmware.org/w/collaboration/security_center/trusted_stakeholder_registration/

 

Note we prefer individuals in each organization to coordinate their registration requests with each other and to provide us with an email alias managed by your organization instead of us managing a long list of individual addresses.

 

Best regards

 

Dan.

(on behalf of the TrustedFirmware.org security team)