If you discover a security vulnerability in HKDS, please report it privately.
- Do not open a public issue.
- Email us at: security@qrcs.ca
- Include a detailed description of the issue and steps to reproduce it.
- We will acknowledge receipt within 72 hours and provide a timeline for the fix.
| Version | Supported |
|---|---|
| 1.x | ✅ Yes |
| < 1.0 | ❌ No |
We follow coordinated disclosure:
- You report privately.
- We fix and release a patch.
- You may disclose after patch release (or we will credit you, with your permission).
- We follow best practices for cryptographic and memory safety.
- All code is reviewed for MISRA 2023 and CERT C compliance.
- We scan for vulnerabilities using CodeQL.