Security: NewSocOps/deflicker

SECURITY.md

Security Policy

Reporting Security Vulnerabilities

NewSocOps takes security seriously. If you discover a security vulnerability in any repository under the NewSocOps organization, please report it responsibly.

How to Report

Email: security@newsocops.org

Please include the following information in your report:

  • Affected repository and component/file
  • Description of the vulnerability
  • Impact assessment (who is affected and how)
  • Steps to reproduce the issue
  • Any proof-of-concept code (if applicable)
  • Suggested remediation (optional)

Response Timeline

We aim to acknowledge security reports within 5 business days. During the early phase of the organization, response times may vary, but we are committed to addressing all valid reports.

Responsible Disclosure Process

  1. Validation: We will review and validate the reported vulnerability
  2. Mitigation: We will work on a fix or appropriate mitigation
  3. Disclosure: Once resolved, we will coordinate disclosure timing with you
  4. Credit: With your consent, we will acknowledge your contribution in our security advisory or changelog

What Not to Do

To protect the community, please:

  • Do not publicly disclose vulnerabilities before they are patched
  • Do not share exploit details in public issues or pull requests
  • Do not attempt to access data that doesn't belong to you
  • Do not perform testing that degrades service availability for others

Out of Scope

The following are generally considered out of scope:

  • Social engineering attacks without a technical vulnerability
  • Issues requiring privileged local access without privilege escalation
  • Theoretical denial-of-service scenarios requiring unrealistic resource usage
  • Vulnerabilities in third-party dependencies (please report to the upstream project)
  • Issues in publicly archived or explicitly deprecated repositories

Thank you for helping keep the NewSocOps ecosystem safe and secure.
