
Security: Devdopz/Tech-Bandham


SECURITY.md

Security Policy

Supported Versions

TechBandham is currently an early-stage open-source project. Security fixes are made on a best-effort basis against the latest default branch.

Reporting a Vulnerability

Please do not disclose security issues publicly in GitHub issues.

When reporting a vulnerability, include:

  • A clear description of the issue
  • Steps to reproduce
  • Impact assessment if known
  • Suggested remediation if available

Use a private channel with the maintainers whenever possible before public disclosure.

Operational Security Notes

  • Never commit .env files
  • Rotate JWT_SECRET before any public or production deployment
  • Restrict CORS origins for real deployments
  • Add HTTPS, rate limiting, and stronger validation before production use
  • Review dependency updates regularly

There aren’t any published security advisories