The coherosphere architecture repository is a public and transparent codebase.
We take security seriously — not as secrecy, but as integrity.
All reports are handled confidentially until a fix is released and verified.
The following versions of the coherosphere architecture framework are actively supported with security updates and patches.
| Version | Supported |
|---|---|
| 2.x | Yes |
| 1.x | Limited (critical issues only) |
| < 1.0 | No |
Older versions remain visible for reference but are no longer monitored for vulnerabilities.
If you discover a potential vulnerability, please report it privately and responsibly.
- Contact: Send details to security@coherosphere.org (PGP key available upon request)
- Include:
  - A clear description of the issue and affected components
  - Steps to reproduce the problem
  - Any suggested fixes or mitigations (if known)
- Response Timeline:
  - Initial acknowledgment within 72 hours
  - Assessment and triage within 7 days
  - Coordinated disclosure and patch publication within 30 days, if confirmed
- Ethical Disclosure: Please do not publish details until the issue has been resolved and verified through peer review.

This policy applies to:
- Code within `/scripts/`, `/src/`, and automation workflows under `.github/`
- The Docusaurus build and its plugins
- Smart contract specifications, if included in future releases
Issues related to documentation, diagrams, or theoretical models are not considered security vulnerabilities unless they expose sensitive credentials or system details.
Contributors who responsibly report security issues will be publicly credited (unless anonymity is requested) in the next release notes under “Security & Integrity Updates.”
The coherosphere Collective
Integrity through transparency — security as coherence.