Security: OpenSIN-AI/.github

SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a security issue in any OpenSIN-AI system, repository, or infrastructure, please report it responsibly.

How to Report

  • Preferred: Open a private vulnerability report via GitHub Security Advisories on the affected repository.
  • Alternative: Contact the OpenSIN-AI security team directly through private channels.

What to Include

  • A clear description of the vulnerability
  • Steps to reproduce (if applicable)
  • Affected repository, component, or system
  • Potential impact
  • Any evidence or proof-of-concept

What to Expect

  • Acknowledgment: We will confirm receipt within 48 hours.
  • Assessment: We will evaluate severity and scope.
  • Resolution: We will work on a fix and coordinate disclosure timing.
  • Communication: We will keep you informed throughout the process.

Scope

This policy covers:

  • All OpenSIN-AI public and private repositories
  • Production and staging infrastructure
  • APIs, authentication, and authorization flows
  • Data handling, storage, and transmission
  • Dependencies and supply-chain risks

Out of Scope

  • Issues already reported
  • Social engineering or physical security
  • Denial-of-service testing
  • Third-party services not operated by OpenSIN-AI

Responsible Disclosure

We ask that you:

  • Do not disclose the issue publicly until we have had time to address it
  • Do not access, modify, or delete data that is not yours
  • Do not disrupt services or production systems
  • Give us reasonable time to respond and fix the issue

Security is not an afterthought at OpenSIN-AI. We take responsible disclosure seriously and appreciate researchers who help us keep our systems safe.
