This is the security policy which FalconXOS(all versions)follow

All versions of FalconXOS(FalconXOS-GNU/Linux, FalconXOS-Windows and FalconXOS-Unix)and all of its version which will be released and which are already released follow this security policy.
For some version or future release, there might be a special policy, but for now this policy is followed.

For reporting security vulnerability, please read the Code of conduct and contributing guidelines before.
These list about how to contribute to FalconXOS and what's accepted and not accepted.
Not following the Code of conduct may also release to a permanent ban, so it is recommended to read it first.
TL;DR : FalconXOS follows the Contributor Covenant Code of Conduct.

The format of reporting a security vulnerability is the same as of reporting an issue(and a pull request if you know how to fix it)

The time for an update to be released for the vulnerability is usually 2-4 days.
For reviewing your issue or pull request, it should be done on the first day it is released.
Also check the issue and pull request list to see if no one else has reported the same vulnerability.