| Version | Supported |
|---|---|
| v0.1.0 | Yes |
| < v0.1.0 | No |
Versions before v0.1.0 are not supported and should not be deployed.
Do not open a public issue for vulnerabilities.
Email: security@vyrox.dev
Subject format:
SECURITY: <brief description>
Response SLA:
- Acknowledgement within 48 hours
- Initial triage within 7 days
- Patch timeline communicated within 14 days
PGP key available at https://vyrox.dev/.well-known/pgp-key.txt.
In scope:
- Signature validation bypass in simulator requests
- Data handling flaws exposing sensitive content
- Script-level vulnerabilities enabling unsafe execution
Out of scope:
- Cosmetic output formatting preferences
- Physical-access attack scenarios
Vyrox follows coordinated disclosure. Reporters are credited unless anonymity is requested.
No bounty program is active during alpha.
- Simulated payloads are representative, not full vendor parity.
- Infrastructure capacity constraints can affect large-batch demo runs.
These are operational constraints, not vulnerabilities.