content/software/ide-v1/tutorials/ide-v1-security/ide-v1-security.md
+8 -4 (8 additions & 4 deletions)
@@ -1,6 +1,7 @@
1
1
---
2
2
title: 'Security of Arduino IDE'
3
-
description: 'Learn the secure development process behind Arduino IDE.'
3
+
description: 'Learn about the secure development process behind the Arduino IDE.'
4
+
4
5
tags:
5
6
- Security
6
7
author: 'Arduino Security Team'
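Review bot: new line 4 is an empty line added inside the YAML front matter, between `description` and `tags`. It parses, but the front matter block is otherwise contiguous; drop the blank line so this hunk carries only the reworded description.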
@@ -10,7 +11,8 @@ Arduino IDE 2.x is the latest version of the Arduino Programming tool and it is
10
11
11
12
Arduino is committed to regularly monitor and update security measures applied to the Arduino IDE to ensure proper protection from any threats or vulnerabilities detected.
12
13
13
-
Arduino defined principles and requirements to be followed within the secure development lifecycle of Hardware, System and Software and the development of the open-source Arduino software makes no exception. In particular, Arduino follows the **Secure by Design** principle in every stage of the software development and the **Security Principles** listed below are followed during the secure development lifecycle:
14
+
Arduino's defined principles and requirements to be followed within the secure development lifecycle of Hardware, System and Software and the development of the open-source Arduino software makes no exception. In particular, Arduino follows the **Secure by Design** principle in every stage of the software development and the **Security Principles** listed below are followed during the secure development lifecycle:
15
+
14
16
15
17
-**Apply Defense in Depth**: Layered security mechanisms are in place to increase security as a whole.
16
18
-**Use a Positive Security Model**: A ‘positive’ security model defines what is allowed and rejects everything else.
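Review bot: on new line 14, changing "Arduino defined" to "Arduino's defined" removes the verb from the first clause, so "Arduino's defined principles and requirements to be followed within the secure development lifecycle ..." no longer reads as a sentence. Keep the original wording or use "Arduino has defined principles and requirements ...". The hunk header context also shows "Arduino IDE 2.x is the latest version" in the ide-v1 file, which is worth confirming as intended for the IDE 1.x page.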
@@ -38,15 +40,17 @@ As part of the security testing activities, Arduino periodically performs the fo
38
40
39
41
Finally, should an Arduino user or customer suspect a vulnerability or security issue, they are invited to report it as described in our Coordinated Vulnerability Disclosure policy available at: [https://www.arduino.cc/en/security](https://www.arduino.cc/en/security).
40
42
41
-
## Third party components
43
+
## Third Party Components
44
+
42
45
In the process of conducting Secure Component Analysis, Arduino puts particular attention on the aforementioned external dependencies (Eclipse Theia and OpenJS Electron) and reports any found vulnerability to the respective project maintainer:
43
46
44
47
- Eclipse Theia manages vulnerabilities using the process described in [https://www.eclipse.org/security](https://www.eclipse.org/security).
45
48
- OpenJS Electron vulnerabilities are managed using the process described in [https://www.electronjs.org/docs/latest/tutorial/security](https://www.electronjs.org/docs/latest/tutorial/security).
46
49
47
50
When vulnerabilities in third party components are fixed by the respective maintainer, Arduino will update the component involved as required, in a commercially reasonable time, based on the severity of the identified vulnerability.
48
51
49
-
## Versions management
52
+
## Version Management
53
+
50
54
When it comes to managing multiple versions of the Arduino IDE, the following policy will be applied:
51
55
52
56
- all security principles that are applicable to the process (design, development, testing, release) will apply to any version currently in development
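Review bot: the retitled heading on new line 43, "Third Party Components", uses "third party" as a compound modifier and should be hyphenated: "Third-Party Components". The body sentence on new line 50 ("vulnerabilities in third party components") has the same form and could be aligned in the same change. The "Version Management" correction on new line 52 reads fine.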
content/software/ide-v2/tutorials/ide-v2-security/ide-v2-security.md
+6 -3 (6 additions & 3 deletions)
@@ -10,7 +10,8 @@ Arduino IDE 2.x is the latest version of the Arduino Programming tool and it is
10
10
11
11
Arduino is committed to regularly monitor and update security measures applied to the Arduino IDE to ensure proper protection from any threats or vulnerabilities detected.
12
12
13
-
Arduino defined principles and requirements to be followed within the secure development lifecycle of Hardware, System and Software and the development of the open-source Arduino software makes no exception. In particular, Arduino follows the **Secure by Design** principle in every stage of the software development and the **Security Principles** listed below are followed during the secure development lifecycle:
13
+
Arduino's defined principles and requirements to be followed within the secure development lifecycle of Hardware, System and Software and the development of the open-source Arduino software makes no exception. In particular, Arduino follows the **Secure by Design** principle in every stage of the software development and the **Security Principles** listed below are followed during the secure development lifecycle:
14
+
14
15
15
16
-**Apply Defense in Depth**: Layered security mechanisms are in place to increase security as a whole.
16
17
-**Use a Positive Security Model**: A ‘positive’ security model defines what is allowed and rejects everything else.
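Review bot: new line 13 introduces a sentence fragment: with "Arduino's defined principles and requirements to be followed ..." the first clause has no verb. Suggest "Arduino has defined principles and requirements to be followed ...", or revert to "Arduino defined". This file's first hunk starts at line 10, so the `description` reword made in the ide-v1 front matter is not mirrored here; check whether the ide-v2 description needs the same fix.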
@@ -38,15 +39,17 @@ As part of the security testing activities, Arduino periodically performs the fo
38
39
39
40
Finally, should an Arduino user or customer suspect a vulnerability or security issue, they are invited to report it as described in our Coordinated Vulnerability Disclosure policy available at: [https://www.arduino.cc/en/security](https://www.arduino.cc/en/security).
40
41
41
-
## Third party components
42
+
## Third Party Components
43
+
42
44
In the process of conducting Secure Component Analysis, Arduino puts particular attention on the aforementioned external dependencies (Eclipse Theia and OpenJS Electron) and reports any found vulnerability to the respective project maintainer:
43
45
44
46
- Eclipse Theia manages vulnerabilities using the process described in [https://www.eclipse.org/security](https://www.eclipse.org/security).
45
47
- OpenJS Electron vulnerabilities are managed using the process described in [https://www.electronjs.org/docs/latest/tutorial/security](https://www.electronjs.org/docs/latest/tutorial/security).
46
48
47
49
When vulnerabilities in third party components are fixed by the respective maintainer, Arduino will update the component involved as required, in a commercially reasonable time, based on the severity of the identified vulnerability.
48
50
49
-
## Versions management
51
+
## Version Management
52
+
50
53
When it comes to managing multiple versions of the Arduino IDE, the following policy will be applied:
51
54
52
55
- all security principles that are applicable to the process (design, development, testing, release) will apply to any version currently in development
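Review bot: the heading on new line 42 should read "Third-Party Components", since "third party" modifies "components"; the unchanged sentence on new line 49 uses the same unhyphenated form. The text of this hunk duplicates the ide-v1 page, so any wording correction should be applied to both files together to keep the two security pages in sync.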