Security: ChatchaiTritham/DRAS-5

Security Policy

Supported Versions

Version    Supported
1.0.x      Yes

Important Notice

DRAS-5 is research software for academic purposes only. It is not FDA-cleared, CE-marked, or TFDA-approved and must not be used for clinical decision-making without proper validation, regulatory approval, and clinical oversight.

Reporting a Vulnerability

If you discover a security vulnerability, please report it responsibly:

  1. Do NOT open a public issue
  2. Email: chatchait66@nu.ac.th
  3. Include:
    • Description of the vulnerability
    • Steps to reproduce
    • Potential impact
    • Suggested fix (if any)

We will acknowledge receipt within 72 hours and provide an initial assessment within one week.

Scope

Security concerns relevant to this project include:

  • Violations of safety constraints C1–C5
  • Audit log tampering or bypass (C3)
  • State machine logic errors that could cause missed escalations
  • Input validation bypass (risk scores outside [0, 1])

Contact
