If you discover a security vulnerability in SnortForge, please report it responsibly:

DO NOT open a public GitHub issue for security vulnerabilities.

How to report:

• GitHub Security Advisories: Use the "Report a vulnerability" button in the Security tab

What to include in your report:

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)

Response timeline:

• Initial response: Within 48 hours
• Status update: Within 7 days
• Fix timeline: Depends on severity (Critical: 7 days, High: 14 days, Medium: 30 days)

When using SnortForge:

• Never run Flask in debug mode in production (app.run(debug=False))
• Validate all user input before rule generation
• Review generated rules before deploying to production IDS
• Keep dependencies updated (Dependabot handles this automatically)

• CodeQL automated vulnerability scanning
• Dependabot security updates
• Input validation on all API endpoints
• No database = reduced attack surface