Skip to content

Security: Trust-Code-System/AtlasVault-AI

Security

SECURITY.md

Security policy

Reporting a vulnerability

Do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.

Email hello@trustcodesystem.tech with:

  • the affected repository, deployment, page, endpoint, or component;
  • clear reproduction steps;
  • the potential impact;
  • relevant non-destructive proof of concept, logs, or screenshots;
  • a safe way to contact you for follow-up.

We aim to acknowledge reports within 24 hours. Please allow reasonable time to investigate and remediate an issue before public disclosure.

Research boundaries

Do not:

  • access, modify, download, or retain data that does not belong to you;
  • disrupt production services or degrade availability;
  • use social engineering, physical attacks, or denial-of-service techniques;
  • publish vulnerability details before remediation is complete.

Supported versions

Security fixes are applied to supported production deployments and the latest maintained version of each repository. Repository-specific security policies override this organization default.

Sensitive material

Never commit credentials, tokens, private keys, production data, client documents, or internal incident evidence. If sensitive material is committed, rotate or revoke it immediately; deleting the Git commit is not sufficient.

There aren't any published security advisories