We take security seriously. If you discover a security vulnerability, please report it responsibly.

1. Do NOT open a public GitHub issue for security vulnerabilities
2. Email the security team with details of the vulnerability
3. Include:
   • Description of the vulnerability
   • Steps to reproduce
   • Potential impact
   • Suggested fix (if any)

• Initial Response: Within 48 hours
• Status Update: Within 7 days
• Fix Timeline: Depends on severity
  • Critical: 24-72 hours
  • High: 1-2 weeks
  • Medium: 1 month
  • Low: Next release

When using GEO-INFER:

1. Keep dependencies updated - Run uv pip install --upgrade regularly
2. Use environment variables for sensitive configuration
3. Validate inputs when processing external data
4. Follow least privilege when deploying services

The GEO-INFER-SEC module provides security utilities:

• Authentication and authorization
• Data encryption
• Audit logging
• Access control

See GEO-INFER-SEC/README.md for details.

When working with geospatial data:

• Be aware of privacy implications of location data
• Anonymize sensitive location information
• Follow GDPR and local regulations
• Use differential privacy techniques when appropriate

Last Updated: 2026-01-26