Octovel maintains multiple open source projects, each with its own versioning and support policy. Please refer to the individual project's documentation for specific version support information.

• We provide security updates for the latest major version of each project
• Critical security fixes may be backported to previous major versions on a case-by-case basis
• Projects in version 0.x are considered experimental and may not receive security updates

1. Check the project's README.md or SECURITY.md file
2. Look for the "Releases" section in the project's GitHub repository
3. Visit our documentation for detailed version support

We take all security vulnerabilities seriously. If you discover a security issue, please follow these steps:

1. Do not create a public GitHub issue for security vulnerabilities
2. Email your findings to security@octovel.com
3. Include the following information:
   • Project name and version
   • Vulnerability description
   • Steps to reproduce
   • Any proof-of-concept code
   • Your contact information

• We will respond to your report within 3 business days
• We will keep you informed about the progress of the vulnerability resolution
• We will credit you in our security acknowledgments (unless you prefer to remain anonymous)

Security updates will be released as patch versions (e.g., 1.0.1, 1.0.2) for the latest minor version. We recommend always using the latest version of our software.

• Always keep your dependencies up to date
• Use strong, unique passwords for all accounts
• Enable two-factor authentication (2FA) where available
• Review and understand the permissions you grant to applications

• Follow secure coding practices
• Never commit sensitive information (API keys, passwords, etc.) to version control
• Validate and sanitize all user input
• Keep dependencies updated and remove unused ones
• Write and maintain tests for security-critical code

• We follow best practices for data protection and privacy
• Sensitive data is encrypted in transit and at rest
• Regular security audits are performed on our infrastructure

• We regularly update our dependencies to include security patches
• All third-party code is reviewed before integration
• We monitor for known vulnerabilities in our dependencies

For security-related inquiries, please contact security@octovel.com.

By submitting a vulnerability report, you agree to our responsible disclosure policy. We will not take legal action against security researchers who:

• Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service
• Only interact with accounts they own or have explicit permission to test
• Provide us with reasonable time to address the issue before any public disclosure

Last updated: October 22nd, 2025