If you discover a security vulnerability in SyslogStudio, please report it responsibly:

1. Do not open a public GitHub issue for security vulnerabilities.
2. Send an email to the maintainer (see the commit history for contact details) with:
   • A description of the vulnerability
   • Steps to reproduce
   • Potential impact
3. You will receive an acknowledgment within 48 hours.
4. A fix will be prioritized and released as soon as possible.

SyslogStudio is a desktop application that receives network traffic. Keep in mind:

• Syslog ports below 1024 (e.g., UDP/TCP 514) require elevated privileges on most operating systems.
• TLS certificates generated by the built-in PKI assistant are stored in memory only and are not persisted to disk unless explicitly exported.
• At-rest encryption (AES-256-GCM with Argon2id) protects the SQLite database when the app is closed. The password is never written to disk.
• Configuration files (config.json) are stored in the user's config directory and contain server settings but no secrets.
• The application does not send telemetry or analytics data.