We release patches for security vulnerabilities in the following versions:

If you discover a security vulnerability in pqready, please report it responsibly:

1. Do not open a public GitHub issue
2. Send an email to [github@devinegan.com] with:
   • A description of the vulnerability
   • Steps to reproduce the issue
   • Potential impact assessment
   • Any suggested fixes (if available)

• Acknowledgment: We aim to acknowledge receipt within 24 hours
• Initial Assessment: We will provide an initial assessment within 72 hours
• Fix Timeline: Critical vulnerabilities will be addressed within 7 days, others within 30 days
• Disclosure: We will coordinate with you on responsible disclosure timing

This tool performs network connections and TLS analysis. Please be aware:

• Network Traffic: The tool sends TLS handshake requests to target servers
• DNS Queries: Hostname resolution is performed using system DNS
• Local Execution: The tool runs with user privileges and does not require elevated access
• Data Handling: No sensitive data is stored or transmitted beyond the TLS handshake process

Security reports should focus on:

• Remote code execution vulnerabilities
• Memory safety issues
• Cryptographic implementation flaws
• Input validation bypasses
• Privilege escalation

Out of scope:

• Denial of service via resource exhaustion
• Issues requiring physical access to the machine
• Social engineering attacks

Thank you for helping keep pqready secure!