From 5a09de77995d5a32b7b44829254b67ffa36af3cf Mon Sep 17 00:00:00 2001 From: Shaun L Date: Mon, 8 Dec 2025 16:40:04 +0000 Subject: [PATCH 1/3] Create new_bug_bounty_program.md bug bounty --- src/content/news/new_bug_bounty_program.md | 40 ++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 src/content/news/new_bug_bounty_program.md diff --git a/src/content/news/new_bug_bounty_program.md b/src/content/news/new_bug_bounty_program.md new file mode 100644 index 00000000..7f7d8204 --- /dev/null +++ b/src/content/news/new_bug_bounty_program.md 
@@ -0,0 +1,40 @@ +--- +author: trusted-firmware +title: A New Bug Bounty Program for Trusted Firmware +description: > + Trusted Firmware launches a new Bug Bounty Program. +date: 2025-12-08 12:01:00 +image: "../../assets/images/trusted-firmware.jpg" +--- + +# A new Bug Bounty Program for Trusted Firmware! + +The Trusted Firmware project is pleased to share that several of its projects have been included in a new Trusted Firmware Bug Bounty Program, which is being provided and operated by Arm. + +Trusted Firmware projects form essential building blocks for secure boot, trusted execution, and cryptographic operations across a wide range of Arm-based platforms. Arm’s decision to include them in the Bug Bounty program for Trusted Firmware demonstrates the importance of proactive, community-driven security across the ecosystem and the significance of these projects as foundational to the security of the Arm ecosystem. + +The following projects are included in the program: + +- __TrustedFirmware-A (TF-A):__ Provides secure boot, firmware lifecycle management and runtime services for Armv8-A and Armv9-A architectures. +- __TrustedFirmware-M (TF-M):__ Offers a PSA-compliant secure processing environment for Arm Cortex-M systems, including secure boot, attestation and crypto services. +- __OP-TEE:__ A popular open-source Trusted Execution Environment enabling isolated execution of trusted applications on Armv8-A systems. +- __Mbed TLS & TF-PSACrypto:__ Mbed TLS is a C library that implements X.509 certificate manipulation and the TLS and DTLS protocols. Its small code footprint makes it suitable for embedded systems. Mbed TLS includes the TF-PSA-Crypto repository that provides an implementation of the PSA Cryptography API. + +As open-source reference implementations and security libraries, these projects are widely integrated by silicon vendors, OEMs and developers. 
Also because these components sit at the root of trust for many products, improving their resilience benefits the entire ecosystem. + +Security researchers who identify issues in the in-scope projects can report them to the Bug Bounty Program for Trusted Firmware, which is hosted on the Intigriti platform. Reports will be jointly assessed by Arm’s Product Security Incident Response Team (PSIRT) and the Trusted Firmware security team, with qualifying issues being eligible for financial rewards based on severity and impact. + +## More information + +The Trusted Firmware project encourages security researchers, contributors and integrators to explore a broad range of security areas, including secure boot flows, isolation boundaries, privilege transitions, cryptographic implementations and protocol handling. + +Participation guidelines, scope details, reward information and the submission form are available [here](https://app.intigriti.com/programs/arm/trustedfirmware). + +The Trusted Firmware project welcomes the continued collaboration of researchers and partners, as we work together to enhance the security of the ecosystem. + +
+
+ +*__About the Linaro Community Projects Division__* + +*The Trusted Firmware project is hosted by [Linaro](https://www.linaro.org/) Community Projects Division - the division of Linaro managing open source community projects with open governance. Linaro empowers rapid product deployment within the dynamic Arm ecosystem.* From b01fe710468b7ade72468493e3848e83e636bcb0 Mon Sep 17 00:00:00 2001 From: Shaun L Date: Mon, 8 Dec 2025 16:43:47 +0000 Subject: [PATCH 2/3] Update new_bug_bounty_program.md typo --- src/content/news/new_bug_bounty_program.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/content/news/new_bug_bounty_program.md b/src/content/news/new_bug_bounty_program.md index 7f7d8204..f5a8eb9e 100644 --- a/src/content/news/new_bug_bounty_program.md +++ b/src/content/news/new_bug_bounty_program.md 
@@ -1,15 +1,15 @@ --- author: trusted-firmware -title: A New Bug Bounty Program for Trusted Firmware +title: A New Bug Bounty Program for Trusted Firmware! description: > - Trusted Firmware launches a new Bug Bounty Program. + Trusted Firmware launches a new Bug Bounty Program! date: 2025-12-08 12:01:00 image: "../../assets/images/trusted-firmware.jpg" --- # A new Bug Bounty Program for Trusted Firmware! -The Trusted Firmware project is pleased to share that several of its projects have been included in a new Trusted Firmware Bug Bounty Program, which is being provided and operated by Arm. +The Trusted Firmware project is pleased to share that several of its projects have been included in a new Trusted Firmware Bug Bounty Program, which is being provided and operated by Arm. Trusted Firmware projects form essential building blocks for secure boot, trusted execution, and cryptographic operations across a wide range of Arm-based platforms. Arm’s decision to include them in the Bug Bounty program for Trusted Firmware demonstrates the importance of proactive, community-driven security across the ecosystem and the significance of these projects as foundational to the security of the Arm ecosystem. From f720f89530636b26b057f15ae67e90e01396525e Mon Sep 17 00:00:00 2001 From: Shaun L Date: Mon, 8 Dec 2025 16:46:32 +0000 Subject: [PATCH 3/3] Update new_bug_bounty_program.md key point --- src/content/news/new_bug_bounty_program.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/news/new_bug_bounty_program.md b/src/content/news/new_bug_bounty_program.md index f5a8eb9e..dedd702d 100644 --- a/src/content/news/new_bug_bounty_program.md +++ b/src/content/news/new_bug_bounty_program.md 
@@ -28,7 +28,7 @@ Security researchers who identify issues in the in-scope projects can report the The Trusted Firmware project encourages security researchers, contributors and integrators to explore a broad range of security areas, including secure boot flows, isolation boundaries, privilege transitions, cryptographic implementations and protocol handling. -Participation guidelines, scope details, reward information and the submission form are available [here](https://app.intigriti.com/programs/arm/trustedfirmware). +__Participation guidelines, scope details, reward information and the submission form are available [here](https://app.intigriti.com/programs/arm/trustedfirmware).__ The Trusted Firmware project welcomes the continued collaboration of researchers and partners, as we work together to enhance the security of the ecosystem.
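Review bot: In PATCH 1/3, the last bullet of the in-scope list spells the component "TF-PSACrypto" in its bold label but "TF-PSA-Crypto" in its body text; use one spelling, since this list is how readers will identify the in-scope repositories. The same hunk alternates between "Bug Bounty Program" and "Bug Bounty program" in the second paragraph, and the sentence starting "Also because these components sit at the root of trust" reads better as "Because these components ...". As the opening paragraph says only "several of its projects" are included, consider adding a sentence on where to report issues found in projects that are not in scope.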
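Review bot: In PATCH 2/3, the front-matter title becomes "A New Bug Bounty Program for Trusted Firmware!" while the H1 in the unchanged context still reads "A new Bug Bounty Program for Trusted Firmware!"; align the capitalization of "New" between the two. The third removed/added pair, the paragraph beginning "The Trusted Firmware project is pleased to share", shows no visible text difference, so it appears to be a whitespace-only change. If that is intended, say so in the commit message, which currently reads "typo" although the other two changes add exclamation marks.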
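Review bot: In PATCH 3/3, the changed line bolds the entire sentence but keeps "here" as the link text for the submission form. Since this link sends researchers to a third-party platform to file vulnerability reports, make the link text name the destination, for example "the Bug Bounty Program for Trusted Firmware page on Intigriti", so readers can check where they are going before they click. With descriptive link text the surrounding `__...__` emphasis may no longer be needed, and the sentence stays consistent with the unbolded paragraphs around it.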