Skip to content

Security: SSC-STUDIO/UniversalDeviceToolkit-Plugins

Security

SECURITY.md

Security Policy

Reporting a Vulnerability

We take the security of UniversalDeviceToolkit-Plugins seriously. If you discover a security vulnerability, please report it responsibly.

📧 How to Report

Do NOT open a public GitHub issue for security vulnerabilities.

Instead, please report privately via one of these methods:

  1. GitHub Security Advisories (preferred):

  2. Email:

What to Include

Please include as much of the following as possible:

  • Type of vulnerability (e.g., privilege escalation, code injection, DLL hijacking)
  • Affected plugin(s) and version(s)
  • Step-by-step reproduction instructions
  • Proof-of-concept code (if available)
  • Potential impact assessment

Response Timeline

  • Acknowledgment: Within 48 hours
  • Initial assessment: Within 1 week
  • Fix release: Within 2 weeks for critical issues, 4 weeks for others
  • Public disclosure: After the fix is released and users have had time to update

Scope

This policy applies to:

  • All official plugins in the Plugins/ directory
  • The plugin SDK in SDK/
  • The PluginWorkbench and PluginTooling tools in Tools/

Recognition

Security researchers who report vulnerabilities responsibly will be:

  • Credited in the release notes (unless they prefer to remain anonymous)
  • Added to the Security Hall of Fame (coming soon)

Thank you for helping keep UniversalDeviceToolkit-Plugins secure! 🔒

There aren't any published security advisories