This repository contains specifications, JSON schemas, and documentation related to the VDA 231‑301 recommendation.
Security considerations primarily relate to:
- integrity of the schema definitions
- correctness and clarity of structural or validation rules
- prevention of unintended ambiguity or misuse of schema content
This repository does not provide executable software and does not operate productive systems.
Please report security-related concerns such as:
- vulnerabilities caused by ambiguous or inconsistent schema definitions
- unintended behavior that could lead to incorrect data interpretation
- risks that may affect interoperability or data integrity in implementations based on this schema
- supply-chain related risks within this repository (e.g. compromised references or examples)
The following topics are out of scope for this security policy:
- product or vehicle safety
- operational IT security of systems using this schema
- regulatory or legal compliance decisions
- vulnerabilities in third-party tools or platforms
- functional enhancement requests or general schema improvements
Such topics should be addressed via GitHub Issues or Discussions.
If you believe you have discovered a security‑relevant issue:
- please report it privately to the project maintainers
- do not open a public Issue or Pull Request
Contact details will be provided by the maintainers upon request.
Reported issues will be reviewed and evaluated, and appropriate actions will be taken if necessary.
This project follows responsible disclosure principles.
Please allow the maintainers reasonable time to assess and address reported issues before any public disclosure.
All decisions regarding changes to the VDA 231‑301 schema remain subject to the formal VDA review and release process.