The Alliance for OpenUSD (AOUSD) as a standards organization is committed to receiving and responding to reports of potential vulnerabilities in AOUSD-developed technologies such as specifications and the OpenUSD implementation as well as additional reference code and reference documents. If you have found a potential security issue in any of these documents, please contact us via email at security@aousd.org.
We do our best to respond to and address security reports within a timely manner. If you do not receive a confirmation of receipt for your report within 3 business days, please feel free to follow up with us to ensure that we have received your original report.
If available, please include in your report the following information to help us evaluate your report as quickly as possible:
- Vulnerability type (security, privacy, availability/DoS, etc.)
- Affected specification / code / document and version
- Instructions to reproduce the issue
- A proof-of-concept (PoC)