Security

SECURITY.md

Security Policy

Reporting a Vulnerability

If you find a security issue, please don't open a public issue.

Email: [email protected] Backup: [email protected]

We support encrypted reports. Our public PGP key is available at: https://www.projectnavi.ai/.well-known/pgp-key.txt

PGP Fingerprint: 402E C296 1A72 CBFF 63B8 FEE9 A42A 76A1 C696 FF08

Or use GitHub's private vulnerability reporting if available on the repository.

What to Include

Description of the vulnerability
Steps to reproduce
Potential impact
Suggested fix (if you have one)

What to Expect

Acknowledgment within 48 hours
Validation and response plan within 7 days
Coordinated disclosure timing
Credit in the fix (unless you prefer anonymity)

Scope

This policy covers all repositories under the Project-Navi organization.

Safe Harbor

If you're acting in good faith to find and report vulnerabilities, we won't pursue legal action against you. Just don't:

Access data that isn't yours
Disrupt services
Share vulnerabilities publicly before we've fixed them

Additional Resources

Trust Center: https://www.projectnavi.ai/trust/
Machine-readable security.txt: https://www.projectnavi.ai/.well-known/security.txt

Security is everyone's job. Thanks for helping.

There aren’t any published security advisories