Security: selfpatch/selfpatch_demos

Security Policy

Reporting Security Vulnerabilities

Security vulnerabilities are taken seriously. I appreciate your efforts to responsibly disclose your findings and will make every effort to acknowledge your contributions.

How to Report a Security Vulnerability

Please do not report security vulnerabilities through public GitHub issues.

Instead, please report them using one of the following methods:

  1. Preferred: GitHub Security Advisories (recommended)

    • Go to the Security tab of this repository
    • Click "Report a vulnerability"
    • Fill out the form with details about the vulnerability
  2. Alternative: Private email

    • If you cannot use GitHub's private reporting, contact the project maintainers via the contact email listed on the GitHub profile

What to Include in Your Report

To help us understand and resolve the issue quickly, please include:

  • Description - A clear description of the vulnerability and its potential impact
  • Steps to Reproduce - Detailed steps to reproduce the issue
  • Affected Demo - Which demo is affected
  • Impact Assessment - Your assessment of the severity and potential impact

What to Expect

  • Acknowledgement - I will acknowledge receipt of your report within 5 business days
  • Updates - I will keep you informed about progress in addressing the vulnerability
  • Credit - With your permission, you will be credited in any public disclosure

Supported Versions

Version Supported
main

Security Notes for Demos

The demos in this repository are intended for development and learning purposes. When deploying ros2_medkit in production environments:

  • Follow ROS 2 security best practices
  • Properly configure network access controls
  • Review and audit diagnostic configurations
  • See ros2_medkit documentation for security guidance

Thank you for helping keep selfpatch_demos and its users safe!
