We actively support the following versions of EdgeFirst HAL with security updates:
| Version | Support Status |
|---|---|
| 0.x | Full support |
| < 0.1 | Not yet released |
Note: Version support policy will be updated once we reach stable 1.0 release.
Au-Zone Technologies takes security seriously across our entire EdgeFirst ecosystem, including the Hardware Abstraction Layer.
Email: support@au-zone.com
Subject: "Security Vulnerability - HAL"
For GitHub Users: You can also report vulnerabilities privately through GitHub Security Advisories
Please include:
- Vulnerability description - Clear explanation of the security issue
- Steps to reproduce - Detailed reproduction steps
- Affected versions - Which versions are impacted
- Potential impact - Assessment of severity and risk
- Suggested fixes - If you have ideas for remediation (optional)
- Proof of concept - Code or configuration demonstrating the issue (if applicable)
- Acknowledgment within 48 hours of your report
- Initial assessment within 7 business days
- Fix timeline based on severity:
  - Critical: 7 days
  - High: 30 days
  - Medium: Next minor release
  - Low: Next major release
Once we receive your report:
- We'll confirm receipt and begin investigation
- We'll assess severity using CVSS scoring
- We'll develop and test a fix
- We'll coordinate disclosure timing with you
- We'll release the fix and publish an advisory
- We'll update affected users through multiple channels
We ask that you:
- Allow reasonable time for us to fix vulnerabilities before public disclosure
- Avoid public disclosure until we've released a patch and advisory
- Not exploit vulnerabilities for any purpose other than verification
- Keep findings confidential until coordinated disclosure
- Act in good faith toward our users and the security community
We commit to:
- Acknowledge your report promptly
- Keep you informed throughout the remediation process
- Credit you in advisories (unless you prefer to remain anonymous)
- Work collaboratively to understand and resolve the issue
Security updates are released through:
- GitHub Security Advisories - Published on our repository
- Release Notes - Documented in CHANGELOG.md
- crates.io Updates - New versions with security fixes
- PyPI Updates - Python package updates
- Email Notifications - For users who subscribe to security alerts
- Watch the repository for security advisories on GitHub
- Monitor our releases page
- Follow @AuZoneTech for announcements
With your permission, we'll credit you in:
- Security advisories - Public acknowledgment of your contribution
- Release notes - Recognition in version release documentation
- Annual security report - Listed as a security contributor
- Hall of fame - On our website (if you prefer)
If you prefer to remain anonymous, we'll respect that choice.
When using EdgeFirst HAL in production:
- Validate all external inputs before processing
- Sanitize file paths and user-provided data
- Check tensor dimensions before allocation
- Verify image formats match expectations
- The HAL is written in Rust, providing memory safety guarantees
- Use safe APIs and avoid unsafe blocks when possible
- Be cautious with FFI boundaries (G2D, OpenGL)
- Monitor memory allocation limits
- Keep dependencies updated - Regularly update to latest versions
- Review security advisories - Check for known vulnerabilities
- Use cargo audit - Scan for security issues in dependencies
```bash
cargo install cargo-audit
cargo audit
```
- Validate hardware capabilities before use
- Handle fallback paths securely
- Limit resource consumption on shared hardware
- Isolate untrusted inputs from accelerators
- Validate numpy arrays before conversion
- Check data types match expectations
- Handle exceptions properly
- Limit memory exposure across FFI boundary
- DMA-heap buffers can be shared between processes
- File descriptors can be passed via Unix sockets
- Ensure proper access control on shared buffers
- Consider security implications in multi-tenant environments
- G2D and OpenGL access may require elevated privileges
- Shared GPU memory can be a side-channel
- Validate all parameters passed to hardware APIs
- Monitor for resource exhaustion attacks
- Malformed images can cause decoder crashes
- Large images can exhaust memory
- Implement size limits for untrusted inputs
- Use safe image decoding libraries
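One way to apply the dimension checks and size limits listed above before allocating a tensor or image buffer from untrusted dimensions. This is an added example, not EdgeFirst HAL code: `checked_tensor_bytes`, `alloc_tensor`, `ShapeError` and the 64 MiB and rank-8 limits are assumptions chosen for illustration.

```rust
// Added example: all names and limits are illustrative assumptions, not EdgeFirst HAL APIs.
const MAX_TENSOR_BYTES: usize = 64 * 1024 * 1024; // assumed per-buffer budget (64 MiB)
const MAX_RANK: usize = 8; // assumed cap on the number of dimensions

#[derive(Debug, PartialEq)]
enum ShapeError {
    BadRank(usize),
    ZeroDim(usize),
    Overflow,
    TooLarge { bytes: usize, limit: usize },
}

/// Byte size of a tensor with untrusted `shape` and `elem_size`-byte elements
/// (`elem_size` comes from a trusted dtype table, never from the input itself).
fn checked_tensor_bytes(shape: &[usize], elem_size: usize) -> Result<usize, ShapeError> {
    if shape.is_empty() || shape.len() > MAX_RANK {
        return Err(ShapeError::BadRank(shape.len()));
    }
    let mut bytes = elem_size;
    for (axis, &dim) in shape.iter().enumerate() {
        if dim == 0 {
            return Err(ShapeError::ZeroDim(axis));
        }
        // An unchecked multiply can wrap in release builds, yielding a small
        // buffer that no longer matches the declared shape; checked_mul errors instead.
        bytes = bytes.checked_mul(dim).ok_or(ShapeError::Overflow)?;
        if bytes > MAX_TENSOR_BYTES {
            return Err(ShapeError::TooLarge { bytes, limit: MAX_TENSOR_BYTES });
        }
    }
    Ok(bytes)
}

/// Allocates a zeroed buffer only after the shape has passed validation.
fn alloc_tensor(shape: &[usize], elem_size: usize) -> Result<Vec<u8>, ShapeError> {
    Ok(vec![0u8; checked_tensor_bytes(shape, elem_size)?])
}

fn main() {
    // Constructed sample shapes, as might arrive in an untrusted file header.
    let samples: [&[usize]; 4] = [&[1, 3, 224, 224], &[4096, 4096, 4], &[usize::MAX, 2], &[8, 0, 8]];
    for shape in samples {
        match alloc_tensor(shape, 4) {
            Ok(buf) => println!("{:?}: allocated {} bytes", shape, buf.len()),
            Err(e) => println!("{:?}: rejected ({:?})", shape, e),
        }
    }
}
```

The limit is checked after every multiplication, so an oversized shape is rejected before any memory is reserved.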
For production deployments requiring enhanced security:
Au-Zone Technologies provides:
- Security Audits - Comprehensive code and architecture reviews
- Penetration Testing - Third-party security assessments
- Compliance Certification - Help meeting regulatory requirements
- Priority Security Patches - Expedited fixes for enterprise customers
- Custom Security Hardening - Tailored security enhancements
- Dedicated Security Support - Direct access to security team
- Secure Integration - Help integrating HAL securely into your stack
- Threat Modeling - Assess risks for your specific use case
- Security Training - Educate your team on secure usage
- Incident Response - Support during security incidents
Contact: support@au-zone.com
Learn more: au-zone.com/security
We maintain transparency about security issues:
- See CHANGELOG.md for security-related releases
- View published advisories on our security advisories page
No security vulnerabilities have been disclosed to date.
Last Updated: November 2025
Thank you for helping keep EdgeFirst HAL and our users safe!