Security: 06chaynes/descry

SECURITY.md

Security Policy

Reporting a Vulnerability

If you believe you have found a security vulnerability in Descry, please report it privately via email to 06chaynes@gmail.com with the subject line [SECURITY] <short description>.

Please do not file a public GitHub issue for security concerns.

Include in your report:

  • A description of the issue and its impact.
  • Steps to reproduce (minimal example or proof of concept).
  • Affected version(s) and platform.
  • Any suggested remediation, if you have one.

Response Timeline

  • Acknowledgement of your report within 7 days.
  • Initial triage and severity assessment within 14 days.
  • Coordinated disclosure target: 90 days from acknowledgement, or sooner if a fix can be shipped quickly. If an issue requires longer, we will discuss a revised timeline with you.

Supported Versions

Descry is pre-1.0. Only the latest minor release on PyPI receives security fixes. Users on older versions are encouraged to upgrade.

Credits

Researchers who report verified vulnerabilities are credited in the release notes unless they request anonymity.

There aren't any published security advisories