Security: sudosecurityconsulting/clawdianshield

SECURITY.md

Security Policy

Supported Versions

This project is currently under active development. Security updates are only guaranteed for the latest version.

Version    Supported
latest     ☑️
legacy

Reporting a Vulnerability

We take security seriously. If you discover a vulnerability, do not open a public issue.

How to Report

Please report vulnerabilities through one of the following methods:

If available, GitHub Private Vulnerability Reporting should be used.


What to Include

To help us triage quickly, include:

  • Description of the vulnerability
  • Affected component(s) (file, API, module)
  • Steps to reproduce
  • Proof of concept (if applicable)
  • Impact assessment (what can be exploited)
  • Suggested mitigation (optional)

Response Timeline

  • Initial acknowledgment: within 48 hours
  • Triage and validation: 3–5 business days
  • Resolution timeline: depends on severity and complexity

You will be kept informed throughout the process.


Disclosure Policy

We follow coordinated vulnerability disclosure:

  • Do not publicly disclose the issue until it is resolved
  • We will notify you when a fix is ready
  • Public advisories may be released after remediation

Scope

In-scope vulnerabilities include:

  • Authentication / authorization bypass
  • Remote code execution (RCE)
  • Injection vulnerabilities (command, SQL, etc.)
  • Sensitive data exposure
  • Privilege escalation
  • Denial of service (DoS)

Out-of-scope:

  • General bugs with no security impact
  • UI/UX issues
  • Feature requests

Security Expectations

This project is an early-stage system (MVP). While best efforts are made to ensure security:

  • It should not be used in production without review or permission
  • No guarantees are made regarding resilience against advanced threats

Contact

Sudo Security and Consulting
Email: contact@sudosecurityconsulting.com