Security: BlackRoad-OS/roadshell

SECURITY.md

Security Policy

Supported Versions

We actively support the following versions with security updates:

Version Supported
latest
main

Reporting a Vulnerability

We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly.

How to Report

Please DO NOT open a public GitHub issue for security vulnerabilities.

Instead, please email: security@blackroad.io

In your report, please include:

  • Description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact
  • Any suggested fixes (optional)

What to Expect

  • Acknowledgment: We'll acknowledge your report within 48 hours
  • Assessment: We'll assess the vulnerability and determine its severity
  • Updates: We'll keep you informed of our progress
  • Resolution: We'll work on a fix and coordinate disclosure timing with you
  • Credit: With your permission, we'll credit you in our security advisories

Security Features

This repository is protected with:

  • ✅ Dependabot vulnerability scanning
  • ✅ Automated security updates
  • ✅ Secret scanning
  • ✅ CodeQL code analysis (where applicable)

Best Practices

When contributing to this project:

  • Never commit secrets, API keys, or credentials
  • Keep dependencies up to date
  • Follow secure coding guidelines
  • Review Dependabot alerts promptly

Bug Bounty Program

We currently do not have a formal bug bounty program, but we greatly appreciate responsible disclosure and will acknowledge contributors who help improve our security posture.


BlackRoad OS - Building secure, scalable systems

There aren’t any published security advisories