If you discover a security vulnerability in NetVeil, please report it responsibly.

Do not open a public issue. Instead, email security@bypasscore.com with:

1. A description of the vulnerability
2. Steps to reproduce
3. Potential impact assessment
4. Suggested fix (if you have one)

We will acknowledge your report within 48 hours and aim to release a patch within 7 days for critical issues.

This policy covers the NetVeil open-source codebase. For vulnerabilities in the commercial NetVeil Pro product or BypassCore's relay infrastructure, please use the same email address.

NetVeil uses well-established cryptographic primitives (X25519, ChaCha20-Poly1305, AES-256-GCM, HKDF-SHA256) from audited Rust crate implementations. If you identify a weakness in how these primitives are composed or used within NetVeil, we especially want to hear about it.