Skip to content

Security: NeoDOS-Project/neodos-dev-server

Security

SECURITY.md

Security Policy

Reporting a Vulnerability

NeoDOS is an operating system under active development. Security is a priority, but vulnerabilities are expected.

Please do NOT report security vulnerabilities through public GitHub issues.

Send an email to neodos@alexis900.dev with:

  • Description of the issue
  • Reproduction steps (if applicable)
  • Affected kernel version
  • Target system (QEMU, real hardware)

Process

  1. We will acknowledge receipt within 48 hours
  2. We will investigate and provide an estimate
  3. We will work on a fix
  4. A security advisory will be published when available

Scope

  • NeoDOS kernel (neodos-kernel/)
  • Bootloader (neodos-bootloader/)
  • NEM drivers
  • System tools (userbin/)

Out of Scope

  • External dependencies (report to the respective maintainer)
  • Development environment (QEMU, host OS)

Acknowledgments

We thank those who responsibly report vulnerabilities. With permission, we will include them in our acknowledgments.

There aren't any published security advisories