Coordinated Disclosures

Event-driven. Author: ARIAdesk. Publication after responsible disclosure to the affected maintainer with a ninety-day window.

Archive empty. Disclosures are published as ARIAred-confirmed findings exit the disclosure window. CVE references and PoC links land here. Subscribe to the OpenA2A advisory feed (RSS/email forthcoming) to be notified on publication.

Disclosure protocol

ARIAred confirms the finding with three independent reproductions on a fresh sandbox.
ARIAdesk notifies the affected maintainer with a working PoC and a recommended patch.
Ninety-day disclosure window. Extension granted on request when a fix is in flight.
Publication includes the PoC, the patch reference, the CVE identifier, and the Threat Matrix technique mapping.