If you discover a security vulnerability in ShellWard, please report it responsibly.

DO NOT open a public GitHub issue for security vulnerabilities.

Instead, please email: ialanhacker@gmail.com

Or use GitHub Security Advisories to report privately.

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)

• 24 hours: Acknowledgment of your report
• 72 hours: Initial assessment and severity classification
• 7 days: Fix development for critical/high severity issues
• 14 days: Fix development for medium/low severity issues

We credit all reporters in our CHANGELOG (unless you prefer to remain anonymous).

ShellWard itself is a security tool. We hold ourselves to a high standard:

• Zero external dependencies (reduced supply chain risk)
• All regex patterns reviewed for ReDoS resistance
• Audit log permissions restricted to owner-only (0600)
• No network calls — all detection is local