Security: open-syntax/ultimatexo

SECURITY.md

Security Policy

Security

At UltimateXO, we take security seriously and are committed to providing a safe experience for all users. We appreciate responsible disclosure and value contributions that help improve the security of our project.

Reporting a Vulnerability

To report a security issue, please email us at security@ultimatexo.com.

When reporting a vulnerability, please include as many details as possible to help us investigate:

  • Type of issue (e.g., cross-site scripting, malicious package)
  • Full paths of source file(s) related to the issue
  • Location of affected code (tag, branch, commit, or direct URL)
  • Any special configuration required to reproduce the issue
  • Step-by-step instructions to reproduce the issue
  • Proof-of-concept or exploit code (if available)
  • Potential impact, including how an attacker might exploit the issue

Please do not report security vulnerabilities through public GitHub issues.

Response Timeline

We aim to respond to security reports within:

  • Initial response: 48 hours
  • Status update: 7 days
  • Fix timeline: Depends on severity and complexity

Security Best Practices

When contributing to UltimateXO:

  • Keep dependencies up to date
  • Follow secure coding practices
  • Never commit secrets or credentials
  • Use environment variables for sensitive data
  • Validate all user inputs
  • Follow the principle of least privilege

Disclosure Policy

We follow a coordinated disclosure process:

  1. Report received and acknowledged
  2. Issue verified and assessed
  3. Fix developed and tested
  4. Security advisory published
  5. Credit given to reporter (if desired)

Thank you for helping keep UltimateXO and its users safe!