Skip to content

Security: libdriver/em4095

Security

SECURITY.md

Security Policy

LibDriver takes the security of our code seriously.If you believe you have found a security vulnerability in our code, please report it to us as described below.

Reporting a Vulnerability

LibDriver is generally backwards compatible with very few exceptions, so we recommend users to always use the latest version to experience stability, performance and security.

Please do not report security vulnerabilities through public issues.

Instead, please send an email to lishifenging@outlook.com. You should receive a response within 24 hours. If for some reason you do not, please send again to ensure we received your original message. If your report was previously undisclosed, we’ll also mention your name in the credits.

Please include the requested information listed below to help us better understand the nature and scope of the possible issue:

  • Type of issue
  • Full paths of source file(s) related to the manifestation of the issue
  • The location of the affected source code
  • Any special configuration required to reproduce the issue
  • Step-by-step instructions to reproduce the issue
  • Proof-of-concept or exploit code
  • Impact of the issue, including how an attacker might exploit the issue

After receiving your report, we will evaluate your report as soon as possible and notify you of the results. Bug fixes depend on the bug itself, and we will try to fix bugs as quickly as possible.

Preferred Languages

We prefer all communications to be in English.

Responsible Disclosure

In some cases, we may apply a responsible disclosure process to reported or otherwise discovered vulnerabilities. We will usually do that for a critical vulnerability, and only if we have a good reason to believe information about it is not yet public.

This process involves providing an early notification about the vulnerability, its impact and mitigations to a short list of vendors under a time-limited embargo on public disclosure.

There aren’t any published security advisories