Security vulnerabilities are treated very seriously, and will by default take precedence over other work on the project. As I am currently the only developer on the project, the process below is conducted by me.
- If the vulnerability exists in PowerShell, please submit the report to The PowerShell Team
- If the vulnerability exists in a module, service or application used by infraspective, please follow the security reporting guidelines for that project first
- If the vulnerability exists in stitch (regardless of version), please report it using the process below
- Send the report to me directly
- Based on the severity and impact of the vulnerability a new issue will be created for tracking and reporting, unless the impact is so severe as to warrant discretion. In that case, a private repository will be created with access granted to the reporter, and myself
- Once the details of the vulnerability have been verified, a security advisory will be created.