| Version | Supported |
|---|---|
| 0.1.x | ✅ |
We take the security of Hardware Query seriously. If you believe you've found a security vulnerability, please follow these steps:
- Do not disclose the vulnerability publicly
- Email the maintainers at ciresnave@gmail.com with details about the vulnerability
- Include the following information:
- Type of vulnerability
- Full paths of affected source files
- Location of affected code (line number)
- Any special configuration required to reproduce
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the vulnerability
When you report a vulnerability:
- We will acknowledge receipt of your report within 48 hours
- We will provide a more detailed response within 1 week with our assessment and planned fixes
- We will handle your report with strict confidentiality and not share details with third parties without your permission
- We will keep you informed of our progress
- We will credit you in the security advisory unless you request otherwise
The Hardware Query library requires certain system permissions to access hardware information. Be aware of the following security considerations:
- Elevated Privileges: Some hardware detection features may require elevated privileges
- Information Disclosure: This library collects detailed system information which could be sensitive
- Dependency Security: Keep dependencies updated as they may have their own security issues
Our security development practices include:
- Dependency Scanning: Regular scanning of dependencies for known vulnerabilities
- Code Reviews: Security-focused code reviews for all changes
- Safe Rust Practices: Using Safe Rust patterns whenever possible
- Minimizing Unsafe Code: Limiting unsafe blocks to only where necessary and reviewing them thoroughly