Security

HeroDevs security resources for Never-Ending Support (NES) packages.

HeroDevs actively monitors, triages, and addresses vulnerabilities across the NES product catalog. Response timelines are defined by severity in the HeroDevs Service Level Agreement.

From CVE to Resolution

A vulnerability is disclosed

When a vulnerability is disclosed against a package in the NES catalog, the HeroDevs security team acknowledges and investigates it according to its severity level. Critical and High severity issues receive the fastest response — see the SLA for specific timelines.

The fix is documented

When a vulnerability is resolved, HeroDevs publishes it in two places:

  • Vulnerability Directory — details on impact, reproduction steps, and mitigation guidance for security teams.
  • Per-product release notes — the specific fix listed alongside everything else that shipped in the NES release, so developers can track exactly what changed.

Scanners are updated

HeroDevs encodes resolved findings as OpenVEX statements in the public VEX feed. When you provide this document to a supported scanner, it automatically suppresses the resolved findings — so your team can focus on what actually needs attention.
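The suppression step described above can be sketched as follows. This is an added example, not HeroDevs or scanner code: the OpenVEX document, CVE identifiers, package URLs and findings are constructed placeholders, and matching is simplified to an exact vulnerability-plus-product comparison with each pair stated once.

```python
import json

# Constructed OpenVEX document (placeholder ids, not from any real feed).
VEX_DOC = json.loads("""
{
  "@context": "https://openvex.dev/ns/v0.2.0",
  "@id": "https://example.test/vex/constructed-1",
  "author": "Example Vendor",
  "timestamp": "2024-01-01T00:00:00Z",
  "version": 1,
  "statements": [
    {"vulnerability": {"name": "CVE-0000-0001"},
     "products": [{"@id": "pkg:npm/example-lib@1.2.3-patched"}],
     "status": "fixed"},
    {"vulnerability": {"name": "CVE-0000-0002"},
     "products": [{"@id": "pkg:npm/example-lib@1.2.3-patched"}],
     "status": "under_investigation"}
  ]
}
""")

# Constructed scanner findings: (vulnerability id, package URL).
FINDINGS = [
    ("CVE-0000-0001", "pkg:npm/example-lib@1.2.3-patched"),  # resolved build
    ("CVE-0000-0001", "pkg:npm/example-lib@1.2.2"),          # other version: keep
    ("CVE-0000-0002", "pkg:npm/example-lib@1.2.3-patched"),  # unresolved: keep
]

# Only these OpenVEX statuses justify hiding a finding.
SUPPRESSING = {"fixed", "not_affected"}

def apply_vex(findings, vex_doc):
    """Split findings into (open, suppressed) by exact vuln + product match."""
    resolved = set()
    for st in vex_doc.get("statements", []):
        if st.get("status") not in SUPPRESSING:
            continue
        vuln = st.get("vulnerability", {})
        names = {vuln.get("name"), *vuln.get("aliases", [])} - {None}
        for product in st.get("products", []):
            resolved.update((n, product.get("@id")) for n in names)
    still_open, suppressed = [], []
    for finding in findings:
        (suppressed if finding in resolved else still_open).append(finding)
    return still_open, suppressed

if __name__ == "__main__":
    print(apply_vex(FINDINGS, VEX_DOC))
```

Keeping the suppressed list rather than discarding it lets a security team audit which findings a VEX statement hid and why.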

Resources