Security: Novoxpert/NeuralFusionCore

# Security Policy

This document explains how to report security vulnerabilities and helps keep **NeuralFusionCore** safe for all users.  
It applies to all code under this repository.

---

## Repository Classification

This repository is **open source** under the [LICENSE](./LICENSE) terms.  
All source code, documentation, and models are publicly available.  
Security-sensitive information (API keys, credentials, or production data) **should not** be included in this repository.

---

## Reporting a Security Vulnerability

If you discover a security issue in NeuralFusionCore, please **do not** post it publicly.  
Instead, report it via **private and responsible channels**:

**Contact:**
- Email: `security@novoxpert.com`  
- Or GitHub: Use the ["Report a vulnerability"](https://docs.github.com/en/code-security/security-advisories/creating-a-repository-security-advisory) option

Please include:
- A description of the vulnerability  
- Steps to reproduce  
- Affected component(s) and version(s)  
- The impact and any suggested mitigation

We will acknowledge your report within **3 business days** and aim to provide a fix or guidance within **30 days**.

---

## Scope

Security reports are welcome for:
- Core code under `src/`  
- Integrated or vendored submodules under `apps/`  
- Configurations, authentication flows, or APIs implemented by this project

**Out of scope:**
- Third-party dependencies (report upstream)  
- Issues in example code, tests, or documentation  

---

## Supported Versions

Not available yet.

---

## Best Practices for Users

To deploy NeuralFusionCore securely:
- Always use the latest stable release  
- Protect API keys and credentials  
- Use HTTPS for all external communication  
- Regularly update third-party dependencies  

---

## Coordinated Disclosure

We follow a **90-day coordinated disclosure policy**:
- Reported vulnerabilities are kept private until fixed  
- Once resolved, a public advisory may be published, crediting the reporter (if they consent)  

---

## Revision & Ownership

- **Maintainer:** _Novoxpert Security Team_  
- **Last Updated:** _October 2025_  
- **Next Review Due:** _November 2025_

There aren’t any published security advisories