For non-sensitive security reports, open a GitHub Issue with reproduction steps, affected versions, and expected impact.
If the report contains sensitive details, do not publish exploit information in a public issue. Use GitHub private vulnerability reporting or a private security advisory if either is enabled for the repository. If no private channel is available, open a minimal issue requesting a private disclosure channel.
bvlos-sim is pre-1.0 and does not yet have a public CVE assignment process. That policy can be revisited after the project has stable release operations.
bvlos-sim is not a flight-safety system, operational approval tool, or complete BVLOS compliance system. Do not use it as the sole basis for operational BVLOS decisions.