This document defines the policy of security-related issues.
Please report security issues by email.
Your report should at least include the following items:
- How did you find this vulnerability?
- Are there any repositories related to Project NoirVisor (e.g.: the NoirCvmApi) being affected by this vulnerability? If you are not sure, state the potential hazards.
- Are there any specific hardware requirements to reproduce this vulnerability?
- Please provide with clarified exemplifications.
- Who are you? How should Project NoirVisor refer you in security advisories? You are free to keep an anonymous identity, if you understand that no ascriptions of this report will be given to anyone unless there is someone else reported the same vulnerability without keeping an anonymous identity.
- Do you waive the right to choose a date for releasing the security advisory? If you don't waive this right, please specify the date. If you don't answer this question, you must agree to waive this right.
Security Advisories will be available to the public after the errata are materialized. The exact date of release for a specific vulnerability depends on discussion with the reporter. If the reporter waives the right to choose a date, Project NoirVisor would release the advisory on its specific schedule.