Skip to content

Security: tpmoonchefryan/TCRN-TMS

Security

SECURITY.md

Security Policy

This file is the public vulnerability disclosure entrypoint for repository visitors and platform discovery.

It intentionally stays minimal.

Long-term maintainer notes, operational security details, and module-level security context are maintained in the repository's internal project memory, not duplicated here.

Reporting a Vulnerability

Do not open a public issue for security vulnerabilities.

Contact:

  • security@tcrn-tms.com
  • Or contact @tpmoonchefryan directly

Please include:

  • vulnerability type
  • reproduction steps
  • impact assessment
  • suggested fix, if available

Expected Response

  • Acknowledgment within 48 hours
  • Initial assessment within 7 days
  • Critical-fix target within 30 days when applicable

Scope

In scope:

  • TCRN TMS web, api, and worker applications
  • PII service
  • authentication and authorization flows
  • encryption, privacy, and tenant-isolation controls
  • third-party integration surfaces maintained by this project

Out of scope:

  • denial-of-service attacks
  • social engineering
  • physical security issues
  • vulnerabilities that belong to third-party dependencies only

There aren't any published security advisories