We are committed to maintaining the security of the Telecom Security Library. At this time, we only support the current main branch.

We value the work of security researchers in improving our project. If you discover a vulnerability or a security flaw in our documentation, research findings, or platform architecture, please follow these steps:

1. Private Report: Do NOT open a public issue. Email us directly at security@telcosec.org.
2. Details: Provide a detailed description of the vulnerability, including steps to reproduce, potential impact, and any suggested fixes.
3. Acknowledgment: We will acknowledge receipt of your report within 24-48 hours.
4. Investigation: Our team will investigate the issue and keep you updated on the progress.
5. Resolution: Once fixed, we will coordinate a disclosure date with you.

• We will investigate and respond to all reports in a timely manner.
• We will not take legal action against researchers who act in good faith and follow this policy.
• We will give credit to researchers who help us secure the library.

• Reports concerning third-party services used by our platform (e.g., GitHub infrastructure) should be reported directly to those providers.
• Spam or social engineering attacks against project maintainers.

Thank you for helping us keep the Telecom Security Library secure!