# Security Policy

This document explains how to report security vulnerabilities and helps keep **NeuralFusionCore** safe for all users.
It applies to all code under this repository.

---

## Repository Classification

This repository is **open source** under the [LICENSE](./LICENSE) terms.
All source code, documentation, and models are publicly available.
Security-sensitive information (API keys, credentials, or production data) **should not** be included in this repository.

---

## Reporting a Security Vulnerability

If you discover a security issue in NeuralFusionCore, please **do not** post it publicly.
Instead, report it via **private and responsible channels**:

**Contact:**

- Email: `security@novoxpert.com`
- Or GitHub: Use the ["Report a vulnerability"](https://docs.github.com/en/code-security/security-advisories/creating-a-repository-security-advisory) option

Please include:

- A description of the vulnerability
- Steps to reproduce
- Affected component(s) and version(s)
- Any suggested mitigation or impact

We will acknowledge your report within **3 business days** and aim to provide a fix or guidance within **30 days**.

---

## Scope

Security reports are welcome for:

- Core code under `src/`
- Integrated or vendored submodules under `apps/`
- Configurations, authentication flows, or APIs implemented by this project

**Out of scope:**

- Third-party dependencies (report upstream)
- Issues in example code, tests, or documentation

---

## Supported Versions

Not available yet.

---

## Best Practices for Users

To deploy NeuralFusionCore securely:

- Always use the latest stable release
- Protect API keys and credentials
- Use HTTPS for all external communication
- Regularly update third-party dependencies

---

## Coordinated Disclosure

We follow a **90-day coordinated disclosure policy**:

- Reported vulnerabilities are kept private until fixed
- Once resolved, a public advisory may be published, crediting the reporter (if they consent)

---

## Revision & Ownership

- **Maintainer:** _Novoxpert Security Team_
- **Last Updated:** _October 2025_
- **Next Review Due:** _November 2025_