The Pico-Framework is currently in early preview. Security guarantees are limited while core APIs and internals are still stabilizing.
We will begin formal vulnerability triage and patching policies starting with v1.0.0.
If you discover a security vulnerability in Pico-Framework:
- Please do not open a GitHub issue
- Instead, email Ian Archbell directly at ian@pico-framework.com
- Provide as much detail as possible, including reproduction steps
We will acknowledge all valid reports within 48 hours and aim to resolve critical issues promptly.
Pico-Framework will adopt full CVE tracking and coordinated disclosure support once the project reaches a stable release milestone.