Hi @HugPeter-9392 , Azure RTOS will communicate the and deliver the critical security fixes in our product with following procedures:
- We will identify the issue and confirm it in the first place
- We will patch and release the fix by following our product support policy: http://aka.ms/azrtos/lts
- We will then create the GitHub security advisory (e.g. https://github.com/azure-rtos/usbx/security/advisories) and related CVE ID with it.
And for turn-around time, if customer need the fix urgently, we can hand over the patch directly to them. Normally a critical bug fix will be release within a couple of days or weeks within 30 days after it's confirmed.