Please report suspected vulnerabilities privately before opening a public issue.
- GitHub private vulnerability reporting: https://github.com/lcapossio/emacZero/security/advisories/new
- Email: hello@bard0.com
- Include: affected commit or tag, configuration parameters, toolchain, target FPGA or integration context, reproduction steps, and expected impact.
Reports should be acknowledged within 7 calendar days. Confirmed issues should receive a remediation plan or status update within 30 calendar days. When a fix is available, a changelog entry or advisory should be published within 90 days unless coordinated disclosure with affected downstream integrators requires a different schedule.
See the repository root SECURITY.md for supported versions, scope, disclosure
expectations, and hardening guidance.