Security: ZephyrexTechnologies/DiscordBot

docs/SECURITY.md

Security Policy

Reporting a Vulnerability

We take the security of our repository and its users seriously. If you discover a security vulnerability, please follow these steps:

  2. Email the details to hello@zephyrex.dev.
  4. If possible, provide suggestions for addressing the vulnerability.

We will attempt to acknowledge receipt of your vulnerability report within 72 hours and will send you regular updates about our progress. We may ask for additional information or guidance.

Security Response Timeline

We aim to adhere to the following response timeline:

  • 7 days: Preliminary assessment completed.
  • 60-90 days: Vulnerability addressed and patched.

This security policy applies to the latest release of all software within this repository.

Security Best Practices

For Contributors

  1. Code Review: All code changes require at least one review from a team member before merging.
  2. Secrets Management: Never commit sensitive credentials, API keys, or tokens to the repository.
  3. Static Code Analysis: Use automated tools to identify potential security issues during the development process.
  4. Access Control: Implement the principle of least privilege - grant only the permissions necessary for contributors to perform their duties.
  5. Vulnerability Scanning: Regularly scan the codebase for vulnerabilities.
  6. Documentation: Keep security documentation up-to-date.
  7. Regular Updates: Dependencies should be updated regularly to incorporate security patches.
  8. Vulnerability Scanning: Use automated tools to scan dependencies for known vulnerabilities.
  9. Dependency Pinning: Pin dependencies to specific versions to prevent unexpected changes.
  10. Dependency Review: Review the security posture of new dependencies before adding them to the project.
  11. Sensitive Data: Do not store sensitive data in the repository.
  12. Data Access: Implement proper access controls for any data stored or processed by the applications in the repository.

Policy Updates

This security policy will be reviewed and updated regularly to adapt to evolving security threats and best practices.

Last Updated: February 28, 2025

There aren’t any published security advisories