diff --git a/docs/source/policies/security_response_policy.rst b/docs/source/policies/security_response_policy.rst index 9a282c2..21f26b6 100644 --- a/docs/source/policies/security_response_policy.rst +++ b/docs/source/policies/security_response_policy.rst @@ -15,7 +15,7 @@ Reporting Security Issues We encourage you to report security vulnerabilities to us privately so that we can follow a coordinated disclosure process, allowing us time to thoroughly investigate security issues and publicly disclose them when appropriate. -To report security issues in our products or on ni.com, email <`security@ni.com`_> with sufficient details about how to reproduce the issue. You may use the `NI PGP key `_ to encrypt any sensitive communications you send to us. When you notify us of a potential security issue, our remediation process includes acknowledging receipt and coordinating any necessary response activities with you. +To report security issues in our products or on ni.com, email <`ni-psirt@emerson.com`_> with sufficient details about how to reproduce the issue. You may use the `NI PGP key `_ to encrypt any sensitive communications you send to us. When you notify us of a potential security issue, our remediation process includes acknowledging receipt and coordinating any necessary response activities with you. If you are interested in reporting a security issue in an NI product other than NI LinuxRT, reference the company security page `here `_. @@ -23,8 +23,6 @@ If you are interested in reporting a security issue in an NI product other than Requesting CVE Exposure information ----------------------------------- -Vulnerabilities in community software packages are frequently fixed by patching the source code, without changing the package's final version number. Because of this, vulnerability scanners sometimes erroneously flag a package as being vulnerable to exploits which have already been patched. To request a disposition about whether your deployed version of NILRT is exposed to a vulnerability, send an email to <`product-security@ni.com`_> with information about your deployed system and the discrete set of interesting CVEs. +Vulnerabilities in community software packages are frequently fixed by patching the source code, without changing the package's final version number. Because of this, vulnerability scanners sometimes erroneously flag a package as being vulnerable to exploits which have already been patched. To request a disposition about whether your deployed version of NILRT is exposed to a vulnerability, send an email to <`ni-psirt@emerson.com`_> with information about your deployed system and the discrete set of interesting CVEs. - -.. _product-security@ni.com: mailto:product-security@ni.com -.. _security@ni.com: mailto:security@ni.com \ No newline at end of file +.. _ni-psirt@emerson.com: mailto:ni-psirt@emerson.com \ No newline at end of file