Skip to content

Security: Collider-Data-Systems/moos-kernel

Security

SECURITY.md

Security Policy

Reporting a vulnerability

The mo:os project (Collider-Data-Systems) takes security seriously. If you believe you have found a security vulnerability in any of our public repositories — moos-kernel, moos-router, or this .github repository — please report it privately. Do not open a public issue for security reports.

Preferred channel — GitHub private vulnerability reporting: open the affected repository's Security tab → AdvisoriesReport a vulnerability. This creates a private advisory visible only to the maintainers.

Alternative channel: email sam@my-tiny-data-collider.nl with the details.

Please include:

  • the affected repository and version / commit,
  • a description of the vulnerability and its impact,
  • steps to reproduce (a proof-of-concept if available),
  • any suggested remediation.

What to expect

  • Acknowledgement within 5 business days.
  • An initial assessment and severity triage shortly after.
  • Coordinated disclosure: we will agree a fix and a disclosure timeline with you, and credit you (if you wish) once a fix is released.

Scope

In scope: the public repositories under Collider-Data-Systemsmoos-kernel, moos-router, and .github.

Out of scope: private / experimental repositories, third-party dependencies (report those upstream), and denial-of-service or social-engineering testing.

Supported versions

mo:os is under active single-maintainer development; only the latest main / master of each public repository is supported. Security fixes land on the default branch.


Maintained by the mo:os project. This policy lives in the org-level .github repository and applies to all public Collider-Data-Systems repositories.

There aren't any published security advisories