From bd79085c18fc43603ac23a31fec497d5489dce9a Mon Sep 17 00:00:00 2001 From: Ali Labbene Date: Mon, 10 Apr 2023 13:18:51 +0100 Subject: [PATCH] Add SECURITY.md, remove LICENSE.txt, and rename License.md --- License.md => LICENSE.md | 0 LICENSE.txt | 86 ---------------------------------------- SECURITY.md | 31 +++++++++++++++ 3 files changed, 31 insertions(+), 86 deletions(-) rename License.md => LICENSE.md (100%) delete mode 100644 LICENSE.txt create mode 100644 SECURITY.md diff --git a/License.md b/LICENSE.md similarity index 100% rename from License.md rename to LICENSE.md diff --git a/LICENSE.txt b/LICENSE.txt deleted file mode 100644 index e66295c..0000000 --- a/LICENSE.txt +++ /dev/null @@ -1,86 +0,0 @@ -This software component is provided to you as part of a software package and -applicable license terms are in the Package_license file. If you received this -software component outside of a package or without applicable license terms, -the terms of the SLA0044 license shall apply and are fully reproduced below: - -SLA0044 Rev5/February 2018 - -Software license agreement - -ULTIMATE LIBERTY SOFTWARE LICENSE AGREEMENT - -BY INSTALLING, COPYING, DOWNLOADING, ACCESSING OR OTHERWISE USING THIS SOFTWARE -OR ANY PART THEREOF (AND THE RELATED DOCUMENTATION) FROM STMICROELECTRONICS -INTERNATIONAL N.V, SWISS BRANCH AND/OR ITS AFFILIATED COMPANIES -(STMICROELECTRONICS), THE RECIPIENT, ON BEHALF OF HIMSELF OR HERSELF, OR ON -BEHALF OF ANY ENTITY BY WHICH SUCH RECIPIENT IS EMPLOYED AND/OR ENGAGED AGREES -TO BE BOUND BY THIS SOFTWARE LICENSE AGREEMENT. - -Under STMicroelectronics’ intellectual property rights, the redistribution, -reproduction and use in source and binary forms of the software or any part -thereof, with or without modification, are permitted provided that the following -conditions are met: - -1. Redistribution of source code (modified or not) must retain any copyright -notice, this list of conditions and the disclaimer set forth below as items 10 -and 11. - -2. Redistributions in binary form, except as embedded into microcontroller or -microprocessor device manufactured by or for STMicroelectronics or a software -update for such device, must reproduce any copyright notice provided with the -binary code, this list of conditions, and the disclaimer set forth below as -items 10 and 11, in documentation and/or other materials provided with the -distribution. - -3. Neither the name of STMicroelectronics nor the names of other contributors to -this software may be used to endorse or promote products derived from this -software or part thereof without specific written permission. - -4. This software or any part thereof, including modifications and/or derivative -works of this software, must be used and execute solely and exclusively on or in -combination with a microcontroller or microprocessor device manufactured by or -for STMicroelectronics. - -5. No use, reproduction or redistribution of this software partially or totally -may be done in any manner that would subject this software to any Open Source -Terms. “Open Source Terms” shall mean any open source license which requires as -part of distribution of software that the source code of such software is -distributed therewith or otherwise made available, or open source license that -substantially complies with the Open Source definition specified at -www.opensource.org and any other comparable open source license such as for -example GNU General Public License (GPL), Eclipse Public License (EPL), Apache -Software License, BSD license or MIT license. - -6. STMicroelectronics has no obligation to provide any maintenance, support or -updates for the software. - -7. The software is and will remain the exclusive property of STMicroelectronics -and its licensors. The recipient will not take any action that jeopardizes -STMicroelectronics and its licensors' proprietary rights or acquire any rights -in the software, except the limited rights specified hereunder. - -8. The recipient shall comply with all applicable laws and regulations affecting -the use of the software or any part thereof including any applicable export -control law or regulation. - -9. Redistribution and use of this software or any part thereof other than as -permitted under this license is void and will automatically terminate your -rights under this license. - -10. THIS SOFTWARE IS PROVIDED BY STMICROELECTRONICS AND CONTRIBUTORS "AS IS" AND -ANY EXPRESS, IMPLIED OR STATUTORY WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -NON-INFRINGEMENT OF THIRD PARTY INTELLECTUAL PROPERTY RIGHTS, WHICH ARE -DISCLAIMED TO THE FULLEST EXTENT PERMITTED BY LAW. IN NO EVENT SHALL -STMICROELECTRONICS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR -PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF -LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE -OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF -ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -11. EXCEPT AS EXPRESSLY PERMITTED HEREUNDER, NO LICENSE OR OTHER RIGHTS, WHETHER -EXPRESS OR IMPLIED, ARE GRANTED UNDER ANY PATENT OR OTHER INTELLECTUAL PROPERTY -RIGHTS OF STMICROELECTRONICS OR ANY THIRD PARTY. - diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..b784d15 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,31 @@ +# Report potential product security vulnerabilities + +ST places a high priority on security, and our Product Security Incident +Response Team (PSIRT) is committed to rapidly addressing potential security +vulnerabilities affecting our products. PSIRT's long history and vast experience +in security allows ST to perform clear analyses and provide appropriate guidance +on mitigations and solutions when applicable. + +If you wish to report potential security vulnerabilities regarding our products, +**please do not report them through public GitHub issues.** Instead, we +encourage you to report them to our ST PSIRT following the process described at: +**https://www.st.com/content/st_com/en/security/report-vulnerabilities.html** + +### IMPORTANT - READ CAREFULLY: + +STMicroelectronics International N.V., on behalf of itself, its affiliates and +subsidiaries, (collectively “ST”) takes all potential security vulnerability +reports or other related communications (“Report(s)”) seriously. In order to +review Your Report (the terms “You” and “Yours” include your employer, and all +affiliates, subsidiaries and related persons or entities) and take actions as +deemed appropriate, ST requires that we have the rights and Your permission to +do so. + +As such, by submitting Your Report to ST, You agree that You have the right to +do so, and You grant to ST the rights to use the Report for purposes related to +security vulnerability analysis, testing, correction, patching, reporting and +any other related purpose or function. + +By submitting Your Report, You agree that ST’s +[Privacy Policy](https://www.st.com/content/st_com/en/common/privacy-portal.html) +applies to all related communications.