Trusted Stakeholder registration
========================================
The security team of each Trusted Firmware project maintains a private, vetted list of organizations and individuals who are considered Trusted Stakeholders of security vulnerabilities for that project. Trusted Stakeholders are organizations impacted by security vulnerabilities found in a Trusted Firmware project and thus need to be informed before public disclosure.
Contact [[mailto:security@lists.trustedfirmware.org]] if you want to register as a Trusted Stakeholder, providing the following information:
1. Which Trusted Firmware project(s) you want to register for.
2. A justification of why you should be on the list. That is, why you should know about security vulnerabilities and have access to security fixes before they are made public. For example, a valid reason is that your organization has deployed products using Trusted Firmware that may need to be patched.
3. Your full name and a valid email address. This should be an organization email address where possible. We prefer each organization to provide an email alias it manages itself instead of us managing a long list of individual addresses.
4. Confirmation that you and the individuals in your organization will handle embargoed information responsibly as described in the [[https://developer.trustedfirmware.org/w/collaboration/security_incident_process/reporting/|process]] page.
Where applicable, the project security teams maintain a **E**specially **S**ensitive **S**takeholder (**ESS**) list. This list is strictly limited to those organizations that use Trusted Firmware for large scale deployments providing bare-metal access on multi-tenancy systems, and organizations that supply Trusted Firmware to such deployments. You may use the same email address to request to join this list but in almost all cases we expect the Trusted Stakeholder list to be used.
Note, we reserve the right to deny registration or revoke membership to the stakeholders lists, for example if we have concerns about the confidentiality of embargoed information.