| Version | Supported |
|---|---|
| 1.0.x | ✅ |

If you discover a security vulnerability within AIX Framework, please report it responsibly.

- Do NOT create a public GitHub issue for security vulnerabilities
- Send an email to: r08t@proton.me
- Include the following information:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Any suggested fixes (optional)

- Acknowledgment: Within 48 hours of your report
- Initial Assessment: Within 7 days
- Resolution Timeline: Depends on severity, typically 30-90 days
- Credit: Security researchers will be credited in release notes (unless anonymity is requested)

This security policy covers:

- The AIX Framework codebase
- Official releases on PyPI
- Official Docker images (if applicable)

The following are out of scope:

- Vulnerabilities in third-party dependencies (report these to the respective projects)
- Social engineering attacks
- Denial of service attacks against our infrastructure

AIX Framework is designed for authorized security testing only. Users are responsible for:

- Obtaining proper authorization before testing
- Complying with applicable laws and regulations
- Following responsible disclosure practices for any vulnerabilities discovered using this tool

When using AIX Framework:

- Never store API keys or credentials in code
- Use environment variables for sensitive configuration
- Run tests in isolated environments
- Review reports before sharing externally