[openssl/general-policies] 35e52d: Address some of the issues with the security policy

Tomáš Mráz

Jun 17, 2026, 3:51:01 AM
to openssl...@openssl.org
Branch: refs/heads/master
Home: https://github.com/openssl/general-policies
Commit: 35e52d0060ceef3fede887bdba9c1c29b7c79d5f
https://github.com/openssl/general-policies/commit/35e52d0060ceef3fede887bdba9c1c29b7c79d5f
Author: Tomáš Mráz <to...@openssl.foundation>
Date: 2026-06-17 (Wed, 17 Jun 2026)

Changed paths:
M policies/security-policy.md

Log Message:
-----------
Address some of the issues with the security policy

* Address some of the issues with the security policy

- request to report single issue per email
- clarification of the threat model
- some adjustments of the existing severity levels
- by default Low issues are handled the same as Moderate
- provide some guidance on when to update to new releases
- mention the discrepancy between our severity and CVSS

Approved by: Matt, Tim, Anton


