Initial public release of WII5 Buoy firmware
Firmware for an autonomous wave-measurement buoy (ATmega2560-based WII5 v2 board). Reads wave motion from a Sparton AHRS-M1/M2 IMU, samples GPS and battery state, and reports back over Iridium SBD satellite telemetry. Originally developed 2012-2024. This is the first public release. Code, documentation, and field-tested operating modes (Capture, Sleep, Position, ManualTest, SelfTest, LowBattery) are licensed under Apache 2.0 — see LICENSE and NOTICE. See README.md for an overview and build instructions, CONTRIBUTING.md for how to contribute, and DEPLOYMENTS.md for the field-deployment log.
This commit is contained in:
+46
@@ -0,0 +1,46 @@
|
||||
# Security Policy
|
||||
|
||||
## Reporting a vulnerability
|
||||
|
||||
If you discover a security issue in the WII5 Buoy firmware — for example,
|
||||
a flaw in the Iridium SBD command-handling path, an authentication bypass
|
||||
in the console protocol, or anything else that could let an attacker take
|
||||
control of a deployed buoy — **please do not open a public GitHub issue**.
|
||||
|
||||
Instead, report it privately:
|
||||
|
||||
- Open a private security advisory via the GitHub repository's
|
||||
**Security** tab → "Report a vulnerability", or
|
||||
- Email the maintainer: Scott Penrose <scottp@dd.com.au>
|
||||
|
||||
Please include:
|
||||
|
||||
- A description of the issue and its potential impact
|
||||
- Steps to reproduce, or a proof-of-concept
|
||||
- The affected firmware version (`WII5_SOFTWARE_VERSION`) and hardware
|
||||
variant if known
|
||||
|
||||
We will acknowledge receipt within a reasonable time, work with you on a
|
||||
fix, and coordinate disclosure.
|
||||
|
||||
## What this project asks of contributors
|
||||
|
||||
When opening issues or pull requests, **please do not include**:
|
||||
|
||||
- Internal hostnames, IP addresses, or network paths from operational
|
||||
deployments
|
||||
- Iridium IMEIs, modem serial numbers, or device identifiers from real
|
||||
deployments
|
||||
- GPS coordinates of operational deployment sites
|
||||
- Other contributors' personal information (emails, real names, paths) —
|
||||
unless they have given explicit permission
|
||||
|
||||
If you need example values to demonstrate a problem, use obviously-fake
|
||||
placeholders (e.g. `192.0.2.1` from RFC 5737, IMEI `300000000000000`,
|
||||
generic lat/lng like `0,0`).
|
||||
|
||||
## Supported versions
|
||||
|
||||
Only the latest tagged release on `main` is actively supported. Older
|
||||
deployed firmware may continue to function in the field but does not
|
||||
receive backported fixes.
|
||||
Reference in New Issue
Block a user