Security

SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in MSCC, please report it responsibly.

Do NOT create a public GitHub issue for security vulnerabilities.

How to Report

Email security concerns to the maintainers
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)

Response Timeline

Acknowledgment: Within 48 hours
Initial Assessment: Within 7 days
Resolution: Depends on severity

Supported Versions

Version	Supported
0.1.x	✅

Security Best Practices

When using MSCC:

Keep Updated: Use the latest version
API Security: Use API keys in production
Network: Run API server behind a reverse proxy
Secrets: Never commit .env files
Permissions: Run with minimal required permissions

Known Limitations

Static analysis has false positives/negatives
Pattern matching cannot catch all vulnerabilities
Not a replacement for comprehensive security audits

There aren’t any published security advisories