Please do not open public issues for security vulnerabilities.
Report privately by email to security@bexchain.com with:
- A clear description of the issue
- Reproduction steps or proof of concept
- Expected impact
- Suggested fix (if available)
If you cannot use email, open a GitHub issue with minimal details and mark it as security-sensitive so maintainers can move it to a private channel.
- Initial acknowledgement: within 72 hours
- Triage and severity assessment: within 7 days
- Remediation timeline: depends on severity and affected components
This policy applies to:
- Public docs and metadata in this repository
- Public integration parameters referenced by this repository
Private infrastructure and internal node services are managed separately but can still be reported through the same contact.