From 48b2c23b9a185377ab825701fe912697b6fd06d0 Mon Sep 17 00:00:00 2001 From: Fredrik Cervin Date: Mon, 14 Oct 2024 11:28:46 +0200 Subject: [PATCH] docs(security): update --- SECURITY.md | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index ed09859..e797f1b 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,9 +1,3 @@ # Security -## Security advisories & vulnerability archive - -Axis follows industry best practices in managing and responding to security vulnerabilities in our products to minimize customers risk of exposure. Axis cannot guarantee that products and services are free from flaws that may be exploited for malicious attacks. Therefore we monitor known vulnerabilities referred to as CVE (Common Vulnerabilities and Exposure). CVEs that Axis identify as critical or caused by Axis will be prioritized and often announced with a [Security Advisory](https://www.axis.com/stay-secure). The vulnerability archive transparently lists both Open Source and Axis vulnerabilities that have been brought to our attention. - -## Contact information - -In the case that you have discovered a new vulnerability in Open Source, you are encouraged to submit your discovery via email to [product-security@axis.com](mailto:product-security@axis.com). Sensitive content can be encrypted using our [public PGP key](https://www.axis.com/files/faq/7C276176B2B55CFD6625689289C8EC9593D974BB.txt). Note that Axis does not operate any bug bounty programs, however we credit the person responsible for the discovery. For more information about Axis vulnerability management, please refer to the [Axis Vulnerability Policy](https://www.axis.com/files/manuals/gd_policy_axis_vulnerability_en_1704_lo.pdf). +Please see [Axis Vulnerability Management Policy](https://help.axis.com/axis-vulnerability-management-policy) for details on scope, commitment, vulnerability management, reporting vulnerabilities, disclosing vulnerabilities, out-of-scope vulnerabilities and security notifcation service.