Secure code is disciplined code: written with intent, tested with rigor, and respected for its precision.
I take the security of this C++ repository as seriously as its readability.
This isn't just source code; it's a reflection of engineering ethics, and that includes the responsibility to protect users and contributors from harm.
If you've found a vulnerability, I thank you.
A clear, responsible report helps keep the foundation strong for every developer who learns from it.
The following versions are actively maintained with security updates and general improvements.
Older branches may still build, but they're considered out of scope for security patches.
| Version | Supported |
|---|---|
| 5.1.x | β |
| 5.0.x | β |
| 4.0.x | β |
| < 4.0 | β |
Please do not open a public GitHub Issue for security concerns.
All vulnerability reports should be sent privately to the maintainer via email.
For vulnerability disclosures or sensitive matters, please do not open public GitHub Issues.
Instead, contact the maintainer privately:
| Platform | Link |
|---|---|
| TikTok | @fiascoDev |
| Credly Badge | Google IT Automation with Python Professional Certificate |
| LinkedIn | joeleerivas |
To help us triage and validate the report effectively, please provide as much detail as possible:
- Vulnerability Details: A clear description of the issue (e.g., buffer overflow, race condition, logic flaw).
- Affected Component: Specific filename(s), such as `kirchhoffs_Law_Calculator.cpp` or `polyhedra.h`.
- Reproduction Steps: Step-by-step instructions to reproduce the problem.
- Impact: Describe what an attacker could achieve by exploiting the issue.
- Suggested Fix (Optional): Proposed patch or mitigation strategy, if available.
Once a report is received, you can expect the following stages and response times:
| Stage | Expected Response Time |
|---|---|
| Acknowledgement (Initial confirmation of receipt) | Within 48 hours |
| Triage & Status Update (Severity assessment and reproduction) | Within 7 days |
| Patch Release / Decision (If validated) | Typically 14–30 days, depending on complexity |
If the issue is verified, we'll issue a patched release and follow a responsible disclosure process.
Credit will be given in advisories and release notes unless anonymity is requested.
In Scope:
- Core logic errors, memory mismanagement, or unvalidated user input.
- Vulnerabilities that lead to undefined behavior or privilege escalation.
Out of Scope:
- Compiler or library bugs beyond project control.
- Educational or demonstration programs intentionally simplified for teaching.
- Issues requiring administrative or physical access to the runtime system.
Security isn't secrecy; it's stewardship.
Thank you for taking the time to protect the craft and contribute responsibly.