If you discover a security vulnerability, please report it responsibly.

Reporting channels:
- Email: [security contact TBD]
- GitHub: Open a private security advisory

Include in your report:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes

Response timeline:
- Acknowledgment: Within 48 hours
- Initial assessment: Within 1 week
- Resolution target: Depends on severity

Supported versions:

| Version | Supported |
|---|---|
| Development | Yes |

All code changes require:
- PR review by .NET Specialist persona
- Security-focused review for sensitive areas
- No merge without approval

Dependencies:
- Regular dependency updates
- Vulnerability scanning enabled
- No unmaintained packages

Secrets:
- No secrets in code or commits
- Use environment variables
- Secrets detected in commits will be rotated

Data protection:
- Minimize data collection
- Encrypt sensitive data
- Follow platform security guidelines

This security policy covers:
- Source code in this repository
- Build and deployment configurations
- Documentation with security implications

Out of scope:
- Third-party dependencies (report to maintainers)
- Platform-specific issues (Unity, .NET)