[Sample deliverable]

See what a Stella engagement actually produces.

This sample mirrors the format Stella delivers on a real Verified Audit engagement. It is built from a published Mozilla disclosure credited to Haruto Kimura (Stella) — CVE-2026-6766, an integer underflow in Firefox NSS that produced a wild-address write reachable from any remote QUIC peer. The technical content is real; the engagement framing shows how the deliverable is structured.

[What's inside]

Cover and engagement summary
Executive summary (1 page)
Audit scope and methodology (1 page)
Finding writeup with reproducible PoC, ASAN output, and source-citation validation (2 pages)
Patch guidance and validation checklist (1 page)
Coordinated disclosure timeline and vendor coordination (1 page)

Download the PDF ↓Request a pilot audit

PDF · 7 pages · ~17 KB

Real engagement reports are delivered under NDA. Request a pilot to see the full deliverable applied to your codebase.