Please do NOT report security vulnerabilities through public GitHub issues.

- Go to the Security tab: https://github.com/cannatoshi/SimpleGo/security
- Click Report a vulnerability
- Fill out the form with details
  - Type of vulnerability (e.g., buffer overflow, crypto weakness)
  - Affected component (e.g., smp_ratchet.c, smp_x448.c)
  - Step-by-step reproduction
  - Impact assessment
  - Your suggested fix (if any)

| Phase | Timeframe |
|---|---|
| Initial acknowledgment | Within 48 hours |
| Issue confirmation | Within 5 business days |
| Fix development | Based on severity |
| Public disclosure | After fix is released |

| Severity | Description | Response |
|---|---|---|
| CRITICAL | Key compromise, RCE | Immediate hotfix |
| HIGH | Crypto weakness, auth bypass | Priority fix |
| MEDIUM | Limited impact | Scheduled fix |
| LOW | Minor issues | Future update |

| Version | Supported |
|---|---|
| 0.1.x (current) | Yes |
| < 0.1.0 | No |

We consider security research conducted consistent with this policy to be authorized. We will not pursue legal action against researchers who act in good faith.

No vulnerabilities reported yet. Be the first!

This security policy was last updated on January 24, 2026.