...
This policy was approved by the TSC on 5/20/2019.
The EdgeX Foundry project takes security threats and issues seriously. In an attempt to address and handle security issues, the EdgeX community (at the hands of the Security WG) will put the following in place for the Edinburgh release:
...
On receipt of a security issue via the mailing address, if the reported issue is a publicly disclosed (ie an EdgeX dependency with a CVE) issue, the issue may be discussed during the next security working group meeting, otherwise the SIR Team will perform the following:
...