If you discover a security vulnerability in AssistSupport, please report it responsibly.
Do not open a public GitHub issue for security vulnerabilities.
- GitHub Security Advisories (preferred): Use GitHub's private vulnerability reporting to submit details.
- Email: Contact the maintainers directly (see profile).
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Acknowledgment: Within 48 hours
- Initial assessment: Within 1 week
- Fix or mitigation: Depends on severity
This policy covers the AssistSupport application code. Third-party dependencies should be reported to their respective maintainers.
For the full security architecture, encryption details, and threat model, see docs/SECURITY.md.