Security: kalix127/kalixOS

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in kalixOS, please follow these steps to report it:

  1. Ensure Your Findings Are Valid: Before reporting a vulnerability, please ensure it is a genuine security issue. Avoid making it public until it has been resolved.

  2. Contact Us Privately: Send an email to info@gianlucaiavicoli.dev with details about the vulnerability. Include the following information:

    • A clear description of the vulnerability
    • Steps to reproduce or a proof of concept
    • Affected versions/components
    • Any additional relevant details
  3. Response Time: We aim to acknowledge all reports within 72 hours and will work with you to verify and understand the issue.

  4. Resolution Process: The timeline for resolution depends on severity and complexity. We will:

    • Keep you updated on progress
    • Notify you of the expected fix timeline
    • Work with you to validate the fix
  5. Disclosure Policy: After resolution, we will:

    • Coordinate the timing of public disclosure
    • Release a security advisory with the fix
    • Credit reporters (if desired)
  6. Recognition: Valid vulnerability reports that lead to fixes will be:

    • Acknowledged in release notes
    • Credited on our security page
    • Recognized in the GitHub Security Advisory

Thank you for helping keep kalixOS secure. We take all security reports seriously and appreciate your responsible disclosure.

There aren’t any published security advisories