Skip to content

Security: pavadik/TestNet

Security

SECURITY.md

Security Policy

Supported versions

This repository is a benchmark suite and does not ship a production service. That said, we still take security reports seriously.

  • We generally accept security fixes for the current main branch.
  • If a reported issue affects upstream .NET/runtime components, we may redirect you to the appropriate upstream security process.

Reporting a vulnerability

Please do not open a public GitHub issue for security-sensitive reports.

Instead, report privately by using one of these options:

  1. GitHub Security Advisories (preferred):
    • Go to the repository on GitHub → SecurityReport a vulnerability.
  2. If advisories are not enabled yet, contact the repository owner privately.

What to include

To help us triage quickly, include:

  • A clear description of the issue and impact
  • Steps to reproduce or a proof-of-concept
  • Affected file(s) / component(s)
  • Any mitigation or suggested fix
  • Environment details (OS, .NET SDK versions)

Response timeline

We aim to:

  • Acknowledge within 3 business days
  • Provide an initial assessment within 7 business days

Timelines may vary depending on complexity and whether upstream coordination is required.

Disclosure

We follow responsible disclosure practices. Please give us a reasonable time to investigate and address issues before public disclosure.

There aren't any published security advisories