2021-07-13 2026-03-07 Expert Review Yakov Shafranovich, Edwin Foudil Acknowledgments link to page where security researchers are recognized yes current IETF Canonical canonical URI for this file yes current IETF Contact contact information to use for reporting vulnerabilities yes current IETF CSAF Link to a provider-metadata.json resource of the Common Security Advisory Framework (CSAF) yes current Common Security Advisory Framework Version 2.0, OASIS Standard Expires date and time after which this file is considered stale no current IETF Encryption link to a key to be used for encrypted communication yes current IETF Hiring link to the vendor's security-related job positions yes current IETF Policy link to security policy page yes current IETF Preferred-Languages list of preferred languages for security reports no current IETF Bug-Bounty A project or company that may financially reward reporters via a bug bounty program as per section 3.5.5 of [CERT.CVD] can indicate this by adding the line "Bug-Bounty: True". Adding the line "Bug-Bounty: False" indicates that no financial reward via a bug bounty program can be offered. no current IETF Software Engineering Institute, "The CERT Guide to Coordinated Vulnerability Disclosure", Carnegie Mellon University, CMU/SEI-2017-SR-022, August 2017 OASIS Open mailto:project-admin&oasis-open.org https://www.oasis-open.org 2023-02-15