We support the latest release of UDIF. Older versions are not maintained and may be vulnerable.
| Version | Supported |
|---|---|
| 1.x | ✅ Yes |
| < 1.0 | ❌ No |
If you discover a security vulnerability in UDIF, please report it privately and responsibly.
- Do not file public GitHub issues.
- Contact us at: contact@qrcscorp.ca
- Include:
- A clear description of the issue
- Steps to reproduce
- A proposed fix if available
We will respond within 72 hours and aim to provide a patch within 7 days, depending on severity.
We follow a coordinated disclosure approach:
- The reporter contacts us privately.
- We assess, fix, and test internally.
- We release an update and optionally credit the reporter.
- You may publicly disclose the issue after the fix is released.
- All code is reviewed for MISRA C 2023, CERT C, and FIPS 140-3 compliance.
- All cryptographic operations are designed to be constant-time and side-channel resistant.
- Static and dynamic analysis tools such as CodeQL and Cppcheck are used regularly.
- Dependencies are scanned and updated proactively.
If you responsibly disclose a severe issue, we’d be happy to include your name here with your permission.
Thank you for helping us keep UDIF secure.