Skip to content

Security: QRCS-CORP/HKDS

Security

.github/SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in HKDS, please report it privately.

  • Do not open a public issue.
  • Email us at: security@qrcs.ca
  • Include a detailed description of the issue and steps to reproduce it.
  • We will acknowledge receipt within 72 hours and provide a timeline for the fix.

Supported Versions

Version Supported
1.x ✅ Yes
< 1.0 ❌ No

Disclosure Policy

We follow coordinated disclosure:

  • You report privately.
  • We fix and release a patch.
  • You may disclose after patch release (or we will credit you, with your permission).

Commitments

  • We follow best practices for cryptographic and memory safety.
  • All code is reviewed for MISRA 2023 and CERT C compliance.
  • We scan for vulnerabilities using CodeQL.

There aren't any published security advisories