We support the latest version of the linux-security-audit-tool. Security updates are backported to the most recent major version if critical.
| Version | Supported |
|---|---|
| 0.1.x | ✅ |

If you discover a security vulnerability, please report it responsibly:
- Do NOT create a public GitHub issue for security vulnerabilities
- Email the maintainer directly at: clavijodario@gmail.com
- Include as much detail as possible:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Any suggested fixes (optional)

This tool performs security audits on local Linux systems. Ensure your vulnerability report relates to:
- Code execution with elevated privileges
- Privilege escalation vectors
- Data exposure or credential handling
- Input validation issues
- Authentication/authorization bypasses

We will:
- Acknowledge receipt within 48 hours
- Provide initial assessment within 7 days
- Target fix timeline based on severity:
  - Critical: 24-72 hours
  - High: 1-2 weeks
  - Medium: 2-4 weeks
  - Low: Next release cycle

We request a reasonable disclosure timeline (30 days minimum) before public disclosure. We credit reporters in the security advisory unless requested otherwise.