| Version | Supported |
|---|---|
| 0.1.x | ✅ |
If you discover a security vulnerability in vauth, please report it responsibly.
Do NOT open a public GitHub issue for security vulnerabilities.
Instead, email: security@arktechnwa.com
You should receive a response within 72 hours. We will work with you to understand the issue, confirm it, and develop a fix before any public disclosure.
vauth is a software authenticator. Its threat model is documented in THREAT_MODEL.md. Please review it before reporting — known limitations (e.g., "root can bypass UV") are documented and are inherent to the architecture, not bugs.