Hello All,
I have two topics (related).
I rely on you, Don, and Shebu to decide if the Board of tomorrow or the TSC of Thursday is most appropriate meeting to
discuss them:
-Process clarification to report security issue for MCUboot after the merge of the project in TF.org:
https://github.com/mcu-tools/mcuboot/security
vs
https://developer.trustedfirmware.org/w/collaboration/security_center/reporting/
-How to manage certification
constraints vs community vulnerability management ?
-Today Certificates are Terminated in case of an trustedfirmware.org impacting issue (without
any information for the customer to understand). Can members (if there are interested) team-up to see with labs how to improve this situation
-Could we explore way to get “official” patches fixing a CVE recognized
by labs so that applicating such patches avoid to get a certificates terminated ?
Regards,
Eric
Eric FINCO
|
Tel: +33 (0)2 4402 7154
MDG
|
Technical Specialist
From: Dan Handley via TSC <tsc@lists.trustedfirmware.org>
Sent: mardi 13 juin 2023 17:06
To: tsc@lists.trustedfirmware.org
Cc: Olivier Deprez <Olivier.Deprez@arm.com>; Joanna Farley <Joanna.Farley@arm.com>
Subject: [TF-TSC] TSC agenda 2023-06-15
Hi all
Please let me know if you have any urgent agenda topics for tomorrow. I have these so far:
Regards
Dan.