Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in ADLAH, please help us by reporting it responsibly:

  • Do not open a public GitHub issue.

📧 security@adlah.dev

OpenPGP Key: A16680FE844801FB93802D47AAAD2650E8D29783

Include as much detail as possible:

  • Steps to reproduce the issue
  • Potential impact
  • Suggested fix (if available)

We will acknowledge receipt within 5 business days and provide a timeline for remediation.


Responsible Disclosure

  • Please give us at least 90 days to address the vulnerability before public disclosure.
  • We follow coordinated disclosure practices in line with ISO/IEC 29147.
  • Critical issues may result in a CVE assignment.

Scope

This policy covers:

  • ADLAH source code
  • Default Hive and Sensor configurations
  • Documentation examples

This policy does not cover:

  • Third-party dependencies (e.g., Elastic, MADCAT) — please report those upstream.
  • Experimental branches or forks.