We take the security of AgentForensics seriously. If you believe you have found a security vulnerability, please report it to us as described below.

Please do NOT report security vulnerabilities through public GitHub issues.

Instead, please report them via:

• Email: Carlos@AIAgentObservatory.org
• GitHub Security Advisories: Use the "Security" tab in this repository

You should receive a response within 48 hours. If for some reason you do not, please follow up via email to ensure we received your original message.

• Day 0: Vulnerability reported
• Day 1-2: Initial triage and acknowledgment
• Day 3-14: Investigation and fix development
• Day 15-30: Fix testing and release preparation
• Day 30: Public disclosure and patch release

Security vulnerabilities in:

• Core forensics engine
• Log ingestion parsers
• Web dashboard
• Evidence chain integrity
• Cryptographic utilities

• Vulnerabilities in dependencies (please report to the respective projects)
• Issues in development/test code only