Security

SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability, please report it responsibly:

Email: security@nxtg.ai

Do NOT open a public GitHub issue for security vulnerabilities.

What to Include

Description of the vulnerability
Steps to reproduce
Impact assessment
Suggested fix (if any)

Response Timeline

Acknowledgment: Within 48 hours
Initial assessment: Within 5 business days
Fix timeline: Depends on severity (critical: ASAP, high: 2 weeks, medium: next release)

Scope

Code in this repository
Dependencies directly used by this project
Configuration and deployment scripts

Out of Scope

Third-party services or infrastructure
Social engineering attacks
Denial of service attacks

Recognition

We appreciate responsible disclosure and will credit reporters (with permission) in release notes.

There aren’t any published security advisories