BitPerfectCore is currently in early development. Security updates will be provided for supported versions once the project reaches stable release.
| Version | Supported |
|---|---|
| 0.x.x | 🚧 Development |
| 1.x.x | ✅ Planned (Q4 2026) |
We take security seriously. If you discover a security vulnerability in BitPerfectCore, please report it responsibly.
- Email: marioalberto.arce@proton.me
- Alternatively, use GitHub's private vulnerability reporting feature
- Include detailed description of the vulnerability
- Provide steps to reproduce if possible
- Allow reasonable time for response and fix
- Acknowledgment: Within 48 hours
- Assessment: Within 1 week
- Fix Timeline: Depends on severity
- Disclosure: Coordinated disclosure after fix is available
BitPerfectCore follows these security practices:
- No network access - Audio engine is local only
- Sandboxed operation - Works within macOS sandbox
- Memory safety - Swift's memory safety features
- Input validation - All inputs validated
- Error handling - Proper error handling throughout
- Minimal permissions - Only required audio permissions
Security considerations for BitPerfectCore:
In Scope:
- Audio file parsing vulnerabilities
- Memory safety issues
- Resource exhaustion attacks
- Privilege escalation
- Information disclosure
Out of Scope:
- Social engineering
- Physical access attacks
- Denial of service via network (no network access)
- Issues in third-party dependencies (report to them)
Security updates will be released as patch versions and announced via:
- GitHub Security Advisories
- Release notes
- Project README
We believe in responsible disclosure and will:
- Acknowledge security researchers
- Provide credit in release notes (if desired)
- Work with reporters to understand and fix issues
- Coordinate disclosure timing
Thank you for helping keep BitPerfectCore secure!
Last Updated: June 2026
Status: Active Development (v0.5.0)