Constraint-Projected State Computing (CPSC)
This document describes how to report security vulnerabilities related to the CPSC specifications, reference materials, and associated artifacts.
If you believe you have discovered a security vulnerability, do not open a public issue.
Please report security issues privately via email:
- Email: support@bitconcepts.tech
- Subject: CPSC Security Disclosure
This applies to:
- specification ambiguities with security impact
- binary format parsing issues
- potential exploit vectors
- hardware or reconstruction edge cases
- denial-of-service or integrity concerns
When reporting a vulnerability, please include:
- A clear description of the issue
- The affected document(s) or component(s)
- Steps to reproduce (if applicable)
- Potential impact
- Any suggested mitigations (optional)
Clear and concise reports help us respond faster.
- We will acknowledge receipt of your report.
- The issue will be reviewed privately.
- If confirmed, we will determine appropriate remediation.
- Fixes or clarifications may be released in a future specification update.
- Public disclosure will occur only after mitigation or at our discretion.
This security policy applies to:
- CPSC specifications
- CAS-YAML specification
- CPSC binary format
- RTL mapping guidance
- Reference documentation in this repository
It does not apply to:
- third-party implementations
- external tools or libraries
- experimental or unofficial forks
We follow a coordinated disclosure model.
We ask reporters to:
- allow reasonable time for investigation and response
- avoid public disclosure before coordination
- refrain from exploiting issues beyond proof-of-concept
Reporting a security issue does not grant any rights beyond those explicitly stated in the repository license.
All intellectual property rights remain with BitConcepts, LLC.
For all security-related matters: