Security: Sesame7/VisionRuntime

SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a security issue, please report it privately by email:

  • sesame.lu@alu.uestc.edu.cn

Anonymous reports are accepted; however, providing contact details helps us follow up and coordinate fixes.

Please include a clear description of the issue, steps to reproduce, affected components, and any relevant logs or proof-of-concept details.

Response SLA

We aim to:

  • Acknowledge receipt within 48 hours
  • Provide an initial assessment within 7 days

Coordinated Disclosure

Please allow us reasonable time to investigate and address the issue before public disclosure. We will coordinate with you on timelines and credit where appropriate.

Scope

In scope:

  • Core runtime and worker pipeline
  • Camera/trigger/detect/output modules
  • Web HMI and Modbus interfaces
  • Configuration parsing and file handling

Out of scope:

  • Misconfigurations or insecure deployments
  • Third-party dependencies (report upstream where appropriate)

There aren’t any published security advisories