If you discover a security vulnerability related to:
- the OpenPAKT specification
- example artifacts
- reference implementations
- the Detektor scanner (when available)

please report it responsibly.

Do not open a public issue for security vulnerabilities.

Instead contact:

Include the following information if possible:
- description of the vulnerability
- affected component or specification section
- steps to reproduce
- potential impact

Please include "[OpenPAKT Security]" in the email subject.

We will acknowledge receipt and investigate as soon as possible.

This policy applies to:
- the OpenPAKT specification repository
- example artifacts provided in this repository
- future reference implementations maintained by Meisterware

We encourage responsible disclosure and will work with reporters to:
- confirm the issue
- assess the impact
- prepare mitigation guidance
- coordinate public disclosure when appropriate