Security: azizuysal/simtool

.github/SECURITY.md

Security Policy

Supported Versions

Currently, we support security updates for the following versions:

Version Supported
1.x.x
< 1.0

Reporting a Vulnerability

We take security vulnerabilities seriously. If you discover a security issue, please follow these steps:

  1. Do NOT create a public GitHub issue for security vulnerabilities
  2. Email the details to: [your-email@example.com]
  3. Include the following information:
    • Description of the vulnerability
    • Steps to reproduce
    • Potential impact
    • Suggested fix (if any)

Response Timeline

  • Initial Response: Within 48 hours
  • Status Update: Within 5 business days
  • Resolution Target: Within 30 days for critical issues

What to Expect

  1. Acknowledgment: We'll confirm receipt of your report
  2. Investigation: We'll investigate and validate the issue
  3. Communication: We'll keep you informed of our progress
  4. Resolution: We'll work on a fix and coordinate disclosure
  5. Credit: We'll credit you in the release notes (unless you prefer to remain anonymous)

Security Best Practices for Users

  • Keep SimTool updated to the latest version
  • Only install from official sources (GitHub releases, Homebrew)
  • Verify checksums when downloading binaries
  • Report suspicious behavior immediately

Scope

Security issues in the following areas are in scope:

  • File system access vulnerabilities
  • Command injection through simulator operations
  • Information disclosure
  • Denial of service

Out of scope:

  • Issues in third-party dependencies (report to the respective projects)
  • Social engineering attacks
  • Physical access attacks

Thank you for helping keep SimTool secure!

There aren’t any published security advisories