This project is actively maintained. The latest version is considered secure.

| Version | Supported |
|---|---|
| main | ✅ |

We take security seriously. If you discover a vulnerability, please report it privately.
Please do not open a public GitHub issue for security concerns.
Instead, email: security@example.com (TODO: replace with maintainer email)
We will respond within 48 hours and aim to resolve within 90 days.
During the disclosure window, please keep details confidential.

Please include the following in your report:

- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested mitigations

We may award recognition (credit) for responsibly disclosed vulnerabilities, depending on severity.
Security updates will be released as patches on the main branch. We recommend keeping your deployments up to date.

- Run Xander Operator with least privilege
- Regularly update dependencies
- Use strong passwords and API keys
- Audit your agent configurations

Adapted from standard GitHub security policy.