Security

SECURITY.md

Security Policy

Reporting a Vulnerability

Report security vulnerabilities to: security@cubeos.app

Please do not open public GitHub issues for security vulnerabilities.

We will:

Acknowledge receipt within 72 hours
Provide a fix timeline within 14 days of acknowledgment
Target fix deployment within 30 days for critical issues

Supported Versions

Only the latest release in each active channel (stable, beta) receives security fixes.

Scope

CubeOS API (Go backend)
CubeOS HAL (Hardware Abstraction Layer)
CubeOS Dashboard (Vue frontend)
CubeOS boot/installer scripts

There aren’t any published security advisories