Skip to content

docs(feat): Add SECURITY guide #436

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
praneethbajjuri merged 1 commit into from
Aug 12, 2025
Merged

docs(feat): Add SECURITY guide #436

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 20 additions & 0 deletions SECURITY.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
# Security Policy

Check warning on line 1 in SECURITY.md

View workflow job for this annotation

GitHub Actions / vale 

[vale] reported by reviewdog 🐶
[RedHat.Headings] Use sentence-style capitalization in 'Security Policy'.

Raw Output:
{"message": "[RedHat.Headings] Use sentence-style capitalization in 'Security Policy'.", "location": {"path": "SECURITY.md", "range": {"start": {"line": 1, "column": 3}}}, "severity": "INFO"}

Check warning on line 1 in SECURITY.md

View workflow job for this annotation

GitHub Actions / vale 

[vale] reported by reviewdog 🐶
[RedHat.ReadabilityGrade] Simplify your language. The calculated Flesch–Kincaid grade level of 11.76 is above the recommended reading grade level of 9.

Raw Output:
{"message": "[RedHat.ReadabilityGrade] Simplify your language. The calculated Flesch–Kincaid grade level of 11.76 is above the recommended reading grade level of 9.", "location": {"path": "SECURITY.md", "range": {"start": {"line": 1, "column": 1}}}, "severity": "INFO"}

At TI, we set a high priority on the security of our products. However, as we all know, no matter how much effort is put into product security, no product or customer system can be 100% secure.

Check warning on line 3 in SECURITY.md

View workflow job for this annotation

GitHub Actions / vale 

[vale] reported by reviewdog 🐶
[RedHat.PassiveVoice] 'is put' is passive voice. In general, use active voice. Consult the style guide for acceptable use of passive voice.

Raw Output:
{"message": "[RedHat.PassiveVoice] 'is put' is passive voice. In general, use active voice. Consult the style guide for acceptable use of passive voice.", "location": {"path": "SECURITY.md", "range": {"start": {"line": 3, "column": 115}}}, "severity": "INFO"}
TI wants to learn about any potential security issues impacting our products so that we can take the necessary steps to promptly address them.
TI’s Product Security Incident Response Team (PSIRT) oversees the process of accepting and responding to reports of potential security vulnerabilities involving TI semiconductor products, including hardware, software and documentation.

Check warning on line 5 in SECURITY.md

View workflow job for this annotation

GitHub Actions / vale 

[vale] reported by reviewdog 🐶
[RedHat.OxfordComma] Use the Oxford comma in 'hardware, software and documentation.'.

Raw Output:
{"message": "[RedHat.OxfordComma] Use the Oxford comma in 'hardware, software and documentation.'.", "location": {"path": "SECURITY.md", "range": {"start": {"line": 5, "column": 199}}}, "severity": "INFO"}

Check warning on line 5 in SECURITY.md

View workflow job for this annotation

GitHub Actions / vale 

[vale] reported by reviewdog 🐶
[RedHat.SmartQuotes] Do not use smart quotation marks. Use ''' rather than ’.

Raw Output:
{"message": "[RedHat.SmartQuotes] Do not use smart quotation marks. Use ''' rather than ’.", "location": {"path": "SECURITY.md", "range": {"start": {"line": 5, "column": 3}}}, "severity": "WARNING"}

## Reporting a Vulnerability

Check warning on line 7 in SECURITY.md

View workflow job for this annotation

GitHub Actions / vale 

[vale] reported by reviewdog 🐶
[RedHat.Headings] Use sentence-style capitalization in 'Reporting a Vulnerability'.

Raw Output:
{"message": "[RedHat.Headings] Use sentence-style capitalization in 'Reporting a Vulnerability'.", "location": {"path": "SECURITY.md", "range": {"start": {"line": 7, "column": 4}}}, "severity": "INFO"}

You can contact the TI PSIRT to report a potential security vulnerability at psirt@ti.com. Your report should be in English. TI will respond in a timely manner to confirm receipt of your email.
Vulnerability information is extremely sensitive. The TI PSIRT strongly recommends that all submitted security vulnerability reports be sent encrypted, using the TI PSIRT PGP/GPG Key:

Check warning on line 10 in SECURITY.md

View workflow job for this annotation

GitHub Actions / vale 

[vale] reported by reviewdog 🐶
[RedHat.Definitions] Define acronyms and abbreviations (such as 'GPG') on first occurrence if they're likely to be unfamiliar.

Raw Output:
{"message": "[RedHat.Definitions] Define acronyms and abbreviations (such as 'GPG') on first occurrence if they're likely to be unfamiliar.", "location": {"path": "SECURITY.md", "range": {"start": {"line": 10, "column": 176}}}, "severity": "INFO"}

Check warning on line 10 in SECURITY.md

View workflow job for this annotation

GitHub Actions / vale 

[vale] reported by reviewdog 🐶
[RedHat.Slash] Use either 'or' or 'and' in 'PGP/GPG'

Raw Output:
{"message": "[RedHat.Slash] Use either 'or' or 'and' in 'PGP/GPG'", "location": {"path": "SECURITY.md", "range": {"start": {"line": 10, "column": 172}}}, "severity": "WARNING"}

Check warning on line 10 in SECURITY.md

View workflow job for this annotation

GitHub Actions / vale 

[vale] reported by reviewdog 🐶
[RedHat.Definitions] Define acronyms and abbreviations (such as 'PGP') on first occurrence if they're likely to be unfamiliar.

Raw Output:
{"message": "[RedHat.Definitions] Define acronyms and abbreviations (such as 'PGP') on first occurrence if they're likely to be unfamiliar.", "location": {"path": "SECURITY.md", "range": {"start": {"line": 10, "column": 172}}}, "severity": "INFO"}

Check warning on line 10 in SECURITY.md

View workflow job for this annotation

GitHub Actions / vale 

[vale] reported by reviewdog 🐶
[RedHat.PassiveVoice] 'be sent' is passive voice. In general, use active voice. Consult the style guide for acceptable use of passive voice.

Raw Output:
{"message": "[RedHat.PassiveVoice] 'be sent' is passive voice. In general, use active voice. Consult the style guide for acceptable use of passive voice.", "location": {"path": "SECURITY.md", "range": {"start": {"line": 10, "column": 134}}}, "severity": "INFO"}

Fingerprint: 898C ECC3 451F 9438 D972 06B6 4C13 1A0F 9AF0 04D8
[Public Key File (ZIP, 3 KB)](https://www.ti.com/lit/zip/sszo046)

Free software to read and author PGP/GPG encrypted messages may be obtained from:

[Gpg4win](https://www.gpg4win.org/)
[GnuPG](https://www.gnupg.org/)

For more information, visit [ti.com/psirt](https://www.ti.com/support-quality/quality-policies-procedures/report-product-security-vulnerabilities.html)
Loading