Skip to content

Security: 0x0bug/windows-diagnostics-toolkit

SECURITY.md

Security Policy

Supported versions

Security fixes are applied to the latest release and main.

Reporting a vulnerability

Do not publish sensitive machine data, unredacted diagnostic reports, credentials, tokens, private network details, or a working exploit in a public issue.

Use GitHub private vulnerability reporting when available. Otherwise contact the repository owner through the profile contact methods and include only the minimum information needed to reproduce the problem.

For ordinary false positives, compatibility problems, and non-sensitive bugs, use the public issue templates.

Report privacy

Use -PrivacyMode before sharing a combined report and review the generated file manually. Privacy Mode reduces exposure but is not a guarantee that arbitrary application or Event Log text contains no sensitive information.

Scope

The toolkit is intended to remain read-only, local, dependency-free, and free of telemetry or upload behavior. A change that violates those boundaries should be treated as a security concern.

There aren't any published security advisories