Security

SECURITY.md

Security Policy

Supported Versions

Only the latest version on main is supported for security updates.

Reporting a Vulnerability

Please do not open public GitHub issues for vulnerabilities.

Report security vulnerabilities privately by emailing:

security@hustlerscode.app

Include:

Affected component/path
Reproduction steps or proof-of-concept
Impact assessment
Suggested remediation (if known)

You can expect:

Initial acknowledgement within 3 business days
Triage decision within 7 business days
Coordinated disclosure timeline after validation

Security Expectations

Never commit secrets, tokens, or private keys.
Use environment variables for all credentials.
Follow least-privilege principles for database and deployment credentials.
Keep dependencies up to date and monitor CI security alerts.

There aren’t any published security advisories