If you discover a security vulnerability in any Open Operational State repository, please report it responsibly.
Do not open a public issue.
Instead, send an email to:
security@open-operational-state.org
Please include:
- A description of the vulnerability
- Steps to reproduce the issue
- The repository and file(s) affected
- Any potential impact you have identified
We will acknowledge receipt of your report within 3 business days and aim to provide an initial assessment within 10 business days.
This policy applies to all repositories under the open-operational-state GitHub organization:
governancestatus-specstatus-conformancestatus-tooling
We follow a coordinated disclosure process. We will work with you to understand and address the issue before any public disclosure is made.
We appreciate the efforts of security researchers and will acknowledge reporters (with their permission) in any public advisory related to the reported issue.