31 lines
725 B
Markdown
31 lines
725 B
Markdown
# Security Policy
|
|
|
|
VPN Share handles user network traffic. Security issues should be treated as
|
|
high priority even before the first stable release.
|
|
|
|
## Reporting
|
|
|
|
Report vulnerabilities privately to the maintainers. Do not open public issues
|
|
for exploitable bugs until a fix is available.
|
|
|
|
## Scope
|
|
|
|
In scope:
|
|
|
|
- Authentication bypass.
|
|
- Traffic decryption or tampering.
|
|
- DNS or traffic leaks.
|
|
- Peer isolation failures.
|
|
- Unsafe packet parser behavior.
|
|
- Sensitive data logging.
|
|
|
|
Out of scope:
|
|
|
|
- Denial of service requiring physical access and no persistence.
|
|
- Bugs in third-party VPN applications.
|
|
|
|
## Disclosure Target
|
|
|
|
Maintainers should acknowledge reports within 7 days and publish a fix timeline
|
|
based on severity.
|