This document defines the OpenAMRobot approach to responsible security reporting and disclosure.
If you discover a security vulnerability, please avoid immediate public disclosure.
Instead:
- open a private security advisory if available
- contact maintainers through appropriate channels
- provide enough technical detail to reproduce the issue
Security concerns may include:
- ROS vulnerabilities
- remote control vulnerabilities
- networking issues
- unsafe default configurations
- authentication weaknesses
- unsafe firmware behavior
- robotics safety issues
- AI-related security concerns
The organization aims to:
- acknowledge reports reasonably quickly
- investigate reported issues
- coordinate responsible disclosure
- publish fixes when practical
OpenAMRobot projects are experimental and research-oriented.
No software or hardware should be assumed safe for:
- industrial deployment
- medical use
- safety-critical systems
- autonomous public operation
without independent validation and certification.
Users are responsible for:
- validating safety
- regulatory compliance
- deployment suitability
- integration testing
- operational safety
Security support expectations may vary by repository and project maturity.
Repositories should document supported versions when applicable.
This policy may evolve as the ecosystem grows.