Security Policy

Reporting a Vulnerability

Please report security vulnerabilities to meet@calmkernel.tr (NOT public issues).

We will acknowledge your report within 48 hours.

What to Report

• Authentication or authorization bypass
• Sensitive data exposure (credentials, PII)
• Remote code execution
• Injection vulnerabilities (SQL, command, path traversal)

What NOT to Report

• Non-security bugs (use GitHub Issues)
• Denial of service
• Social engineering

Contact

• Email: meet@calmkernel.tr