If you discover a security vulnerability in GhostRing, please do not open a public issue. Instead, email the maintainer directly:
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact assessment
- Suggested fix (if any)
- Acknowledgement: within 48 hours
- Assessment: within 7 days
- Fix or mitigation: within 30 days for critical issues
This policy covers the GhostRing hypervisor core (src/), loaders
(loader/), and agents (agent/). Third-party code in reference/ is
not covered — report those issues to the respective upstream projects.
| Version | Supported |
|---|---|
| 0.1.x | Yes |
We ask that you give us reasonable time to fix the issue before any public disclosure. We will credit reporters in the release notes unless they prefer to remain anonymous.