Vulnerability Disclosure
If you discover a security vulnerability in CHERENKOV, please follow our disclosure process.
Reporting
- Do not open a public GitHub issue
- Email details to info@cherenkov-security.com
- Include steps to reproduce and impact assessment
Process
| Step | Expected Timeline |
|---|---|
| Acknowledgment | 48 hours |
| Initial assessment | 5 business days |
| Fix development | Based on severity |
| Public disclosure | After fix is released |
Scope
- Core framework (src/cherenkov/)
- Default scanner plugins
- API and CLI
- Docker deployment
Out of scope: third-party tools integrated via wrappers.