BEEM is open-source software for evidence-based equity, compensation, profit-share, and participation governance. Because BEEM may process sensitive founder, contributor, compensation, and company information, security reports are treated seriously.
The public repository currently supports the latest main (default) branch and, once they are published, tagged releases.
| Version | Supported |
|---|---|
| latest | Yes |
| older untagged commits | Best effort |
Do not open a public issue for a vulnerability involving authentication, authorization, tenant isolation, data exposure, cryptographic hashes, export integrity, dependency compromise, or sensitive information leakage.
Report vulnerabilities privately to:
Include:
- A clear description of the issue
- Affected component or package
- Reproduction steps or proof of concept
- Potential impact
- Suggested remediation, if known
In scope:
- Authentication and authorization flaws
- Workspace or tenant isolation failures
- Exposure of private contribution, equity, compensation, or participant data
- Integrity failures in input/output hashing
- Export tampering or verification bypass
- Dependency or supply-chain issues
- Server-side request forgery, injection, XSS, CSRF, and privilege escalation
Out of scope:
- Social engineering
- Denial-of-service testing without prior written approval
- Spam, phishing, or physical attacks
- Issues in third-party services not controlled by the BEEM project
Please allow a reasonable remediation window before public disclosure. We will credit responsible reporters unless they request anonymity.
Security fixes do not make BEEM legal, tax, accounting, investment, employment, or securities advice. BEEM outputs are advisory unless adopted in separate signed legal documents.