
Security: lusoris/vmaf

SECURITY.md

Security Policy

Supported versions

Version           Supported
3.x-lusoris       Yes
3.x (upstream)    See Netflix/vmaf
< 3.0             No

The fork tracks upstream Netflix/vmaf's supported-version policy for the parts of the code inherited from upstream. Fork-only code paths (libvmaf/src/{cuda,sycl}/, libvmaf/src/feature/{cuda,sycl}/, GPU backend runtime, Tiny-AI / ONNX Runtime surface, MCP server) are supported on the current master and the latest two tagged releases.

Reporting a vulnerability

Please do not open a public issue for security problems.

Use GitHub's private vulnerability-reporting flow: https://github.com/lusoris/vmaf/security/advisories/new

If the issue is in code inherited from upstream, we will coordinate disclosure with Netflix/vmaf maintainers.

Alternative channels:

  • Email: lusoris@pm.me — PGP-encrypt anything sensitive; request the public key via the same address.

Please include:

  1. Affected version(s) / commit SHA.
  2. A minimal reproducer (inputs, command line, expected vs. actual).
  3. Your assessment of impact (crash / memory corruption / DoS / info leak).
  4. Whether you believe a CVE should be requested.

Response timeline

  • Acknowledgment: within 72 hours.
  • Initial triage: within 7 days (severity, affected versions, fix path).
  • Fix or mitigation: aim for 30 days for High/Critical, 90 days for Medium/Low. Longer timelines are possible for complex issues — we'll keep you informed.
  • Public disclosure: coordinated with the reporter, typically after a fix ships in a tagged release. Credit is given in the release notes unless you prefer to remain anonymous.

Supply-chain guarantees

Every tagged release ships with:

  • SBOM (SPDX + CycloneDX) — attached as release assets via the supply-chain.yml workflow.
  • Sigstore keyless signatures — verify with cosign verify-blob --bundle <asset>.bundle <asset>. With cosign 2.x, keyless verification also requires pinning the signer identity (--certificate-identity or --certificate-identity-regexp, matching the release workflow in this repository) and --certificate-oidc-issuer https://token.actions.githubusercontent.com; a bundle that verifies against an unpinned identity proves only that someone with a GitHub Actions token signed it.
  • SLSA L3 provenance — generated by slsa-github-generator; verify with slsa-verifier verify-artifact, passing --provenance-path and --source-uri github.com/lusoris/vmaf so the provenance is bound to this repository, not merely well-formed.

These are the acceptance criteria for the D12 "signed releases" gate; a release without all three is a blocker per /prep-release.
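The three-artifact gate above and the two verification commands combine into one pre-release check. The script below is an added example, not part of lusoris/vmaf or its supply-chain.yml workflow: it assumes a directory of release assets where each asset has sibling files named <asset>.spdx.json, <asset>.cdx.json, <asset>.bundle and <asset>.intoto.jsonl (those names, the certificate-identity pattern and the source URI are assumptions to be adjusted to what the workflow actually emits). gate_release enforces the D12 presence check; verify_release then runs cosign and slsa-verifier when they are installed and reports an explicit skip when they are not, so a missing tool never reads as a passed check.

```shell
#!/usr/bin/env sh
# Added example (not project code): release gate for the three supply-chain
# artifacts promised per tagged release, plus cryptographic verification.
#
# Assumed asset layout (hypothetical; adjust to supply-chain.yml):
#   <asset>                Release binary or tarball
#   <asset>.spdx.json      SPDX SBOM
#   <asset>.cdx.json       CycloneDX SBOM
#   <asset>.bundle         Sigstore bundle for <asset>
#   <asset>.intoto.jsonl   SLSA provenance for <asset>

# Assumptions: the signer is a workflow in this repository run on a tag,
# authenticated through the GitHub Actions OIDC issuer.
CERT_IDENTITY_RE='^https://github\.com/lusoris/vmaf/\.github/workflows/.*@refs/tags/'
CERT_ISSUER='https://token.actions.githubusercontent.com'
SOURCE_URI='github.com/lusoris/vmaf'

# gate_release DIR ASSET
# Returns 0 when the asset and all three artifact classes (SBOMs, signature
# bundle, provenance) are present and non-empty; otherwise lists what is
# missing on stderr and returns 1. This is the D12 "signed releases" blocker.
gate_release() {
  dir=$1
  asset=$2
  missing=0
  for f in "$asset" "$asset.spdx.json" "$asset.cdx.json" \
           "$asset.bundle" "$asset.intoto.jsonl"; do
    if [ ! -s "$dir/$f" ]; then
      echo "gate: missing or empty: $f" >&2
      missing=1
    fi
  done
  return $missing
}

# verify_release DIR ASSET
# Runs the presence gate, then the keyless signature check and the SLSA
# provenance check. Return codes: 1 gate failed, 2 signature failed,
# 3 provenance failed, 0 everything present and every available check passed.
# A tool that is not installed is reported as skipped, never as passed.
verify_release() {
  dir=$1
  asset=$2
  gate_release "$dir" "$asset" || return 1

  if command -v cosign >/dev/null 2>&1; then
    # Identity and issuer pinning are required for keyless verification;
    # without them any GitHub Actions signer would be accepted.
    cosign verify-blob \
      --bundle "$dir/$asset.bundle" \
      --certificate-identity-regexp "$CERT_IDENTITY_RE" \
      --certificate-oidc-issuer "$CERT_ISSUER" \
      "$dir/$asset" || return 2
  else
    echo "verify: cosign not installed; signature NOT verified" >&2
  fi

  if command -v slsa-verifier >/dev/null 2>&1; then
    # --source-uri binds the provenance to this repository.
    slsa-verifier verify-artifact "$dir/$asset" \
      --provenance-path "$dir/$asset.intoto.jsonl" \
      --source-uri "$SOURCE_URI" || return 3
  else
    echo "verify: slsa-verifier not installed; provenance NOT verified" >&2
  fi
  return 0
}

# Usage: verify_release ./release-assets vmaf-3.x-lusoris-linux-x86_64.tar.gz
```

Run it against the downloaded assets of a tag before publishing; a non-zero exit from gate_release is exactly the /prep-release blocker described above, and the stderr lines name the missing artifact.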

Known non-vulnerabilities

  • VMAF is a quality metric, not an authentication / crypto / sandbox system. Inputs are untrusted video files. Parsing bugs in third-party codec libraries (libavcodec, etc.) are routed to those projects; we consume them via pkg-config and do not fork their parsers.
  • Numerical drift between CPU and GPU backends of up to 2 ULP is a design accommodation (see docs/principles.md §3 and decision D10), not a security issue.
