The Starweft team takes security seriously. We appreciate your efforts to responsibly disclose vulnerabilities and will make every effort to acknowledge and address them promptly.
| Version | Supported |
|---|---|
| 0.1.x | Yes |
Please do NOT open public GitHub issues for security vulnerabilities.
Instead, report vulnerabilities through one of the following channels:
- Email: contact@co-r-e.com
- Contact form: https://co-r-e.com/contact
When reporting, please include:
- A description of the vulnerability
- Steps to reproduce the issue
- An assessment of the potential impact
- Any suggested mitigation or fix, if applicable
- Acknowledgment: within 48 hours of receiving the report.
- Critical issues: we aim to provide a fix within 7 days.
- Non-critical issues: we will assess severity and schedule a fix accordingly.
We will keep you informed of progress toward resolution and may ask for additional information if needed.
The following areas are considered in scope for security reports:
- Cryptographic signing and verification
- P2P networking and transport security
- Data persistence and storage integrity
- Access control and authorization
We request that you give us reasonable time to address reported vulnerabilities before making any public disclosure. We are committed to working with security researchers to resolve issues responsibly.
Operational security guidance for secrets, key rotation, and TLS termination lives in `docs/security/operations.md`.