[Buildroot] [PATCH RFC 2/2] SECURITY.md: add new file
Titouan Christophe
titouan.christophe at mind.be
Tue Mar 24 07:37:06 UTC 2026
This is an in-tree description of Buildroot's security policy
Signed-off-by: Titouan Christophe <titouan.christophe at mind.be>
---
SECURITY.md | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
create mode 100644 SECURITY.md
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000000..6b955638df
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,16 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+To report a security vulnerability found in the Buildroot build system itself,
+please send an email to [security at buildroot.org](mailto:security at buildroot.org).
+
+## Vulnerabilities in packages
+
+Buildroot is a build system that cross-compiles packages from third-party
+sources. The Buildroot developers are not responsible for security
+vulnerabilities in these packages. Such vulnerabilities should be reported
+directly to the upstream project that maintains the affected package.
+
+When vulnerabilities are fixed upstream, send a patch to update the affected
+packages in Buildroot.
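Review bot: The "Vulnerabilities in packages" section routes every package issue upstream, but it does not say where a flaw introduced by Buildroot's own packaging belongs, for example a patch carried in-tree or a default configuration shipped with a package. Consider adding a sentence stating that such issues are in scope for the address given under "Reporting a Vulnerability". The closing paragraph, "send a patch to update the affected packages in Buildroot", should also say where that patch is to be sent. The reporting section would be more useful to a reporter if it stated what a report should contain and whether an acknowledgement can be expected.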
--
2.53.0