Security

SECURITY.md

Security Policy

Reporting Vulnerabilities

If you discover a security vulnerability in NomOS, please report it responsibly.

Email: security@ai-engineering.at

Do NOT open public GitHub issues for security vulnerabilities.

What to Include

Description of the vulnerability
Steps to reproduce
Potential impact
Suggested fix (if any)

Response Timeline

Acknowledgment: within 48 hours
Assessment: within 5 business days
Fix or mitigation: depends on severity, typically within 30 days

Scope

This policy covers all components of NomOS:

nomos-api
nomos-console
nomos-cli

There aren't any published security advisories