[Security] Inquiry regarding Responsible Disclosure procedure

[r0s4ngeles]

Description

Hello Autoware maintainers,

We are a security research team from the BoB (Best of the Best) program in South Korea. We are currently conducting a project on ROS2 vulnerability analysis.

During our research, we discovered a potential security vulnerability within Autoware. We intend to responsibly disclose this issue to the Autoware Foundation.

Since we could not find a specific SECURITY.md file or a designated security contact, we previously attempted to reach out via email, but we have not yet received a response.

We are planning to present our research findings, including this vulnerability, at ROSCon Korea (January 2026). Therefore, we would like to coordinate the disclosure timeline with you beforehand to ensure appropriate mitigation measures are taken.

Could you please provide the correct contact point (email) or guide us through the preferred procedure for reporting this vulnerability securely?

Thank you.

[xmfcx]

Hello @r0s4ngeles

Thank you for the inquiry.

I've responded to the email that was sent to info@autoware.org . Feel free to contact us from there.

[yukkysaito]

@r0s4ngeles
As a community, reports like yours are extremely valuable to us, and we sincerely appreciate your effort.
Thank you very much for bringing this to our attention.

[xmfcx]

• This issue is now tracked under Point Cloud validation autoware_universe#11858