We are committed to the highest standards of security. If you discover a vulnerability in VayuOS, we want to know so we can fix it.
How to report vulnerabilities safely.
What's Coverred. Core VayuOS kernel, officially signed modules, and vayuos.info infrastructure. Third-party apps are out of scope.
Legal Promise. We will not pursue legal action against researchers who discover and report security vulnerabilities in good faith.
Our Commitment. We aim to acknowledge reports within 24 hours, validate within 72 hours, and patch critical issues within 7 days.
Rewards. Validated vulnerabilities may be eligible for a monetary reward based on severity, impact, and report quality.