Vulnerability Reporting
For comprehensive security vulnerability reporting procedures, please see our Security Policy.
Quick Reference
Please report security vulnerabilities privately to:
- Email: michael@cypheronlabs.com
- Subject Line: [SECURITY] Brief description of issue
Please do NOT:
- Open public GitHub issues for security vulnerabilities
- Discuss security issues in public forums or chat rooms
- Share vulnerabilities on social media before resolution
Response Timeline
- Initial Response: Within 48 hours of report
- Assessment: Within 7 days for severity classification
- Resolution: Timeline depends on complexity and severity
- Disclosure: Coordinated disclosure after fix is available
What to Include
- Vulnerability Description: Clear explanation of the issue
- Impact Assessment: Potential security implications
- Reproduction Steps: Detailed steps to reproduce the issue
- Proof of Concept: Code or commands demonstrating the vulnerability
- Environment Details: Operating system, Rust version, library version
- Suggested Fix: If you have recommendations for resolution
For complete details including scope, security model, and recognition policy, see the full Security Policy.