WII5Firmware/SECURITY.md
scottp 295abb37ee Initial public release of WII5 Buoy firmware
Firmware for an autonomous wave-measurement buoy (ATmega2560-based
WII5 v2 board). Reads wave motion from a Sparton AHRS-M1/M2 IMU,
samples GPS and battery state, and reports back over Iridium SBD
satellite telemetry. Originally developed 2012-2024.

This is the first public release. Code, documentation, and field-tested
operating modes (Capture, Sleep, Position, ManualTest, SelfTest,
LowBattery) are licensed under Apache 2.0 — see LICENSE and NOTICE.

See README.md for an overview and build instructions, CONTRIBUTING.md
for how to contribute, and DEPLOYMENTS.md for the field-deployment log.
2026-05-07 16:27:18 +10:00

Security Policy

Reporting a vulnerability

If you discover a security issue in the WII5 Buoy firmware — for example, a flaw in the Iridium SBD command-handling path, an authentication bypass in the console protocol, or anything else that could let an attacker take control of a deployed buoy — please do not open a public GitHub issue.

Instead, report it privately:

  • Open a private security advisory via the GitHub repository's Security tab → "Report a vulnerability", or
  • Email the maintainer: Scott Penrose <scottp@dd.com.au>

Please include:

  • A description of the issue and its potential impact
  • Steps to reproduce, or a proof-of-concept
  • The affected firmware version (WII5_SOFTWARE_VERSION) and hardware variant if known

We will acknowledge receipt within a reasonable time, work with you on a fix, and coordinate disclosure.

What this project asks of contributors

When opening issues or pull requests, please do not include:

  • Internal hostnames, IP addresses, or network paths from operational deployments
  • Iridium IMEIs, modem serial numbers, or device identifiers from real deployments
  • GPS coordinates of operational deployment sites
  • Other contributors' personal information (emails, real names, paths) — unless they have given explicit permission

If you need example values to demonstrate a problem, use obviously-fake placeholders (e.g. 192.0.2.1 from RFC 5737, IMEI 300000000000000, generic lat/lng like 0,0).

Supported versions

Only the latest tagged release on main is actively supported. Older deployed firmware may continue to function in the field but does not receive backported fixes.