Security: axioma-ai-labs/nevron


Security Policy

🔒 Security Notice

This is open-source software licensed under the Nevron Public License (NPL). While the code is publicly available, security vulnerabilities should still be reported responsibly to protect users of the software.

Reporting a Vulnerability

If you discover a security vulnerability within this project, please follow these steps:

  1. DO NOT disclose the vulnerability publicly until it has been addressed
  2. Create a private security advisory through GitHub's Security tab
  3. Alternatively, contact the maintainers directly (see the Contact section below)

What to Include in Your Report

When reporting a vulnerability, please include:

  1. Description of the vulnerability
  2. Steps to reproduce
  3. Potential impact
  4. Suggested fix (if any)
  5. Your contact information

Security Measures

Access Control

  • All repository access is strictly controlled
  • Access is granted on a need-to-know basis
  • Regular access audits are performed

Code Security

  • All code changes undergo security review
  • Dependencies are regularly updated
  • Security scanning is performed on all PRs

Data Protection

  • Sensitive data must be encrypted
  • API keys and credentials must never be committed
  • Use environment variables for all sensitive configuration

Best Practices for Contributors

  1. Code Security

    • Follow secure coding guidelines
    • Never commit sensitive data
    • Use strong authentication methods
    • Ensure your contributions don't introduce security vulnerabilities
    • Follow the NPL attribution requirements
  2. Dependency Management

    • Keep dependencies up to date
    • Review dependency security advisories
    • Use only trusted packages
  3. Environment Security

    • Use secure environment variables
    • Never share access credentials
    • Keep development environments isolated

Incident Response

In case of a security incident:

  1. The incident will be investigated immediately
  2. Affected parties will be notified
  3. Necessary patches will be developed and deployed
  4. Post-incident review will be conducted

Compliance

All contributors must comply with:

  1. This security policy
  2. The Nevron Public License (NPL)
  3. Data protection regulations
  4. Industry security standards
  5. Company security guidelines

Updates to This Policy

This security policy may be updated at any time. Contributors will be notified of any changes.

Contact

For any security-related questions, contact:

  • Dzmitry Hramyka (@gromdimon)
  • Axioma AI

Remember: Security is everyone's responsibility. When in doubt, ask!