Security

SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in Logicaffeine, please report it responsibly.

Email: tristen@brahmastra-labs.com

Please do not:

Open public GitHub issues for security vulnerabilities
Disclose the vulnerability publicly before it has been addressed

We will:

Acknowledge receipt within 48 hours
Provide an estimated timeline for a fix
Credit you in the release notes (unless you prefer to remain anonymous)

Scope

This security policy applies to:

The Logicaffeine compiler (logos crate)
The runtime library (logos_core crate)
The verification module (logos_verification crate)
The web interface

Out of Scope

Issues in dependencies (please report to the respective projects)
Theoretical attacks without proof of concept

There aren’t any published security advisories