Skip to content

Security: imattas/IanOS

.github/SECURITY.md

Security Policy

Supported versions

IanOS is experimental. Security fixes target the main branch unless a release branch is created later.

Version Supported
main Yes
release branches Not currently

Reporting a vulnerability

Please do not open a public issue for exploitable vulnerabilities.

Use GitHub's private vulnerability reporting if available:

https://github.com/imattas/IanOS/security/advisories/new

If private reporting is unavailable, open a minimal public issue that says a private security report is needed, but do not include exploit details.

What to include

Include:

  • Affected commit or release.
  • Affected subsystem.
  • Impact.
  • Reproduction steps.
  • Crash logs or serial output.
  • Suggested fix, if known.

Scope

Security-relevant areas include:

  • User/kernel isolation.
  • Page table permissions.
  • User pointer validation.
  • Syscall handling.
  • ELF loading.
  • VFS path parsing.
  • Initrd/rootfs parsing.
  • Network packet parsing.
  • Driver MMIO/PIO handling.
  • DMA ownership.
  • Stack and heap hardening.

Public hardening issues

General hardening ideas that are not directly exploitable can be filed as public issues using the security hardening template.

There aren't any published security advisories