If you discover a security vulnerability in Phantomwatch, please report it responsibly.
Email: security@zerosixcyber.com
Please include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Acknowledgment within 48 hours
- Fix target: 7 days for critical, 30 days for others
- Coordinated disclosure with 90-day window
- Vulnerabilities in Phantomwatch's own code (BPF programs, userspace binary)
- Detection bypasses (techniques that should be caught but aren't)
- False negatives in built-in rules
- Vulnerabilities in dependencies (report upstream, but let us know)
- Kernel vulnerabilities
- Attacks requiring physical access to the host