Responsible Disclosure
Security is core to EnforceCore's mission. If you discover a vulnerability in EnforceCore, we ask that you report it responsibly so we can address it before public disclosure.
How to Report
Email security@enforcecore.dev with:
- A description of the vulnerability and its potential impact.
- Steps to reproduce or a proof-of-concept.
- The affected version(s) of EnforceCore.
We will acknowledge receipt within 24 hours and aim to provide a fix timeline within 72 hours.
Our Commitment
- We will not pursue legal action against researchers who follow these guidelines.
- We will credit reporters in our security advisories (unless you prefer to remain anonymous).
- We will issue a CVE for confirmed vulnerabilities.
Scope
This policy covers the EnforceCore Python library and this website (enforcecore.dev). For vulnerabilities in third-party dependencies, please report them to the respective maintainers.