The following versions of Ferrocodex are currently supported with security updates:

We take the security of Ferrocodex seriously, especially given its use in operational technology (OT) environments. If you discover a security vulnerability, please follow these steps:

1. DO NOT open a public issue
2. Email security vulnerabilities to: security@ferrocodex.com
3. Include the following information:
   • Description of the vulnerability
   • Steps to reproduce the issue
   • Potential impact
   • Any proof-of-concept code (if applicable)

• Initial Response: We aim to acknowledge receipt within 48 hours
• Investigation: We'll investigate and provide updates within 7 days
• Resolution Timeline: Critical vulnerabilities will be addressed as soon as possible
• Disclosure: We'll coordinate disclosure timing with you

Ferrocodex implements multiple security layers:

• AES-256 encryption for all stored data - Not implemented in the Alpha Build
• Role-based access control (RBAC)
• Session token validation
• Rate limiting on sensitive operations
• Input validation on frontend and backend
• Secure offline-first architecture

The following are in scope for security reports:

• Authentication/authorization bypasses
• Data encryption vulnerabilities
• SQL injection or other injection attacks
• Cross-site scripting (XSS) in the desktop app
• Privilege escalation
• Information disclosure
• Any vulnerability affecting OT configuration integrity

We appreciate responsible disclosure and will acknowledge security researchers who help improve Ferrocodex's security in our release notes (with permission).