This document explains how to report security vulnerabilities and helps keep AlphaFusionNet safe for all users.
It applies to all code under this repository.

This repository is open source under the LICENSE terms.
All source code, documentation, and models are publicly available.
Security-sensitive information (API keys, credentials, or production data) should not be included in this repository.

If you discover a security issue in AlphaFusionNet, please do not post it publicly.
Instead, report it via private and responsible channels:

Contact:

• Email: [email protected]
• Or GitHub: Use the "Report a vulnerability" option

Please include:

• A description of the vulnerability
• Steps to reproduce
• Affected component(s) and version(s)
• Any suggested mitigation or impact

We will acknowledge your report within 3 business days and aim to provide a fix or guidance within 30 days.

Security reports are welcome for:

• Core code under src/
• Integrated or vendored submodules under apps/
• Configurations, authentication flows, or APIs implemented by this project

Out of scope:

• Third-party dependencies (report upstream)
• Issues in example code, tests, or documentation

Not available yet.

To deploy AlphaFusionNet securely:

• Always use the latest stable release
• Protect API keys and credentials
• Use HTTPS for all external communication
• Regularly update third-party dependencies

We follow a 90-day coordinated disclosure policy:

• Reported vulnerabilities are kept private until fixed
• Once resolved, a public advisory may be published, crediting the reporter (if they consent)

• Maintainer: Novoxpert Security Team
• Last Updated: October 2025
• Next Review Due: November 2025