Security: Gtajisan/NAFNet-Image-Restoration-API

SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in NAFNet Image Restoration API, please email ffjisan804@gmail.com instead of using the issue tracker. Include:

  1. Description of the vulnerability
  2. Steps to reproduce
  3. Potential impact
  4. Suggested fix (if available)

We take all security reports seriously and will respond within 48 hours.

Security Best Practices

For Users

  • Always use HTTPS in production
  • Validate file uploads on both client and server
  • Set appropriate file size limits
  • Use environment variables for sensitive configuration
  • Keep dependencies updated: pip install --upgrade -r requirements.txt
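Server-side upload validation for an image endpoint, as an added example (not the project's own code): the size limit, allowed formats and pixel cap are hypothetical values, and the format is sniffed from the file header rather than trusted from the client's Content-Type.

```python
import struct

# Hypothetical limits for an image-restoration upload endpoint (not the project's values)
MAX_UPLOAD_BYTES = 10 * 1024 * 1024  # 10 MiB
MAX_PIXELS = 4096 * 4096             # caps memory used by the decoder/model

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
JPEG_MAGIC = b"\xff\xd8\xff"

def _jpeg_dimensions(data: bytes) -> tuple:
    """Walk JPEG marker segments until a start-of-frame (SOFn) marker gives the size."""
    i = 2  # skip the SOI marker
    while i + 9 <= len(data):
        if data[i] != 0xFF:
            raise ValueError("malformed JPEG")
        marker = data[i + 1]
        if 0xC0 <= marker <= 0xCF and marker not in (0xC4, 0xC8, 0xCC):
            height, width = struct.unpack(">HH", data[i + 5:i + 9])  # after length + precision
            return width, height
        seg_len = struct.unpack(">H", data[i + 2:i + 4])[0]
        i += 2 + seg_len  # marker (2 bytes) + segment length (which includes its own 2 bytes)
    raise ValueError("no JPEG frame header found")

def validate_image_upload(data: bytes, declared_type: str) -> str:
    """Return 'png' or 'jpeg' for an acceptable upload, else raise ValueError.
    Size is checked first, the real format is sniffed from the header, and the
    pixel count is read from the header so oversized images never reach a decoder."""
    if len(data) > MAX_UPLOAD_BYTES:
        raise ValueError("upload exceeds size limit")
    if data.startswith(PNG_MAGIC):
        fmt = "png"
        if len(data) < 24 or data[12:16] != b"IHDR":
            raise ValueError("malformed PNG header")
        width, height = struct.unpack(">II", data[16:24])
    elif data.startswith(JPEG_MAGIC):
        fmt = "jpeg"
        width, height = _jpeg_dimensions(data)
    else:
        raise ValueError("unsupported or disguised file type")
    if declared_type != f"image/{fmt}":
        raise ValueError("Content-Type does not match file contents")
    if width * height > MAX_PIXELS:
        raise ValueError("image dimensions exceed limit")
    return fmt

# Constructed minimal headers for demonstration (not real image files)
SAMPLE_PNG = PNG_MAGIC + struct.pack(">I", 13) + b"IHDR" + struct.pack(">II", 640, 480)
SAMPLE_JPEG = JPEG_MAGIC + b"\xc0" + struct.pack(">H", 17) + b"\x08" + struct.pack(">HH", 480, 640)
```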

For Developers

  • Never commit secrets or API keys
  • Use .gitignore to exclude sensitive files
  • Validate and sanitize all inputs
  • Use secure random number generation
  • Follow PEP 8 and security guidelines
  • Run security checks: bandit -r app.py

Environment Security

# Use virtual environment
python -m venv venv
source venv/bin/activate

# Install dependencies securely
pip install -r requirements.txt

Docker Security

# Use specific base image version
FROM python:3.11-slim

# Create an unprivileged user and fix ownership/permissions while still root
RUN useradd --system --create-home appuser
WORKDIR /app
RUN chmod 755 /app && chown appuser:appuser /app

# Run as non-root user (must come after the user exists and permissions are set)
USER appuser

Supported Versions

Version | Status          | Support Until
1.0     | Current Release | 2026-12-31
0.x     | Deprecated      | 2025-06-30

Dependency Security

We use the following security tools:

  • pip-audit: Check for known vulnerabilities
  • bandit: Security issue detection
  • safety: Dependency vulnerability scanning

Run security checks:

pip-audit
bandit -r .

Disclosure Timeline

  • Urgent: 24-48 hours
  • High: 5-7 days
  • Medium: 14 days
  • Low: 30 days

Acknowledgments

We appreciate the security research community's responsible disclosure of vulnerabilities.

There aren’t any published security advisories