Please do not open a public GitHub issue for security vulnerabilities.
Report privately via:
- GitHub: use the Private Vulnerability Reporting feature on this repo
- Email: security@twn.systems
We aim to acknowledge reports within 48 hours.
| Secret | Where it lives | Where it never appears |
|---|---|---|
| SSH private key | CI masked secret BENCH_SSH_KEY | repo, logs, artifacts |
Benchmark test nodes communicate over SSH only. The iperf3 traffic (ports 5201–5208) should be restricted to an isolated management or test VLAN.
Do not expose iperf3 server ports to the public internet — iperf3 has no authentication and will saturate any connection to it.
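
One way to check a test node against this rule is to audit its listening sockets. The script below is an added example, not part of this project's code; the `TEST_VLAN` subnet and the sample `ss -Hltn` output are constructed assumptions to be replaced with your own values.

```python
import ipaddress

IPERF_PORTS = range(5201, 5209)  # ports 5201-5208 named in the policy above
# Assumption: subnet of the isolated test VLAN; replace with your own.
TEST_VLAN = ipaddress.ip_network("10.20.30.0/24")

# Constructed sample of `ss -Hltn` output (header suppressed), not from a real host.
SAMPLE_SS = """\
LISTEN 0 128  0.0.0.0:22       0.0.0.0:*
LISTEN 0 4096 10.20.30.11:5201 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:5202     0.0.0.0:*
LISTEN 0 4096 [::]:5203        [::]:*
LISTEN 0 4096 203.0.113.7:5204 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:5205   0.0.0.0:*
LISTEN 0 4096 127.0.0.1:5300   0.0.0.0:*
"""

def split_local(field):
    """Split an ss local-address field into (host, port_text).

    Handles 'a.b.c.d:port', '[v6]:port', '*:port' and a '%iface' scope suffix.
    """
    host, _, port = field.rpartition(":")
    return host.strip("[]").split("%", 1)[0], port

def exposed_iperf_listeners(ss_output, allowed=TEST_VLAN):
    """Return (host, port, reason) for iperf3-range listeners not confined to `allowed`."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        host, port = split_local(cols[3])
        if not port.isdigit() or int(port) not in IPERF_PORTS:
            continue
        if host in ("*", "0.0.0.0", "::"):
            # Bound on every interface: reachable wherever a firewall does not block it.
            findings.append((host, int(port), "wildcard bind"))
            continue
        addr = ipaddress.ip_address(host)
        if addr.is_loopback or addr in allowed:
            continue  # local-only or inside the test VLAN
        findings.append((host, int(port), "outside test VLAN"))
    return findings

if __name__ == "__main__":
    for host, port, reason in exposed_iperf_listeners(SAMPLE_SS):
        print(f"iperf3 port {port} on {host}: {reason}")
```

A wildcard bind is reported even when a firewall may cover it, so treat that finding as a prompt to confirm the VLAN or firewall restriction rather than as proof of exposure.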