Security: PAXECT-Interface/paxect-polyglot-plugin

Security Policy — PAXECT Polyglot

Security is a first-class principle of the PAXECT Polyglot Plugin and the broader PAXECT ecosystem.
All modules — Core, AEAD Hybrid, Polyglot, SelfTune, and Link — are developed with deterministic design, zero telemetry, and full reproducibility in mind.


Supported Versions

Only the latest main branch and official tagged releases are actively supported and reviewed for security issues.
Older versions are provided as-is without any maintenance or guarantee.

Version   Supported
main      ✅ Active
1.x       ⚠️ Best effort

Reporting a Vulnerability

If you discover a vulnerability or security risk, please report it privately and responsibly.

Contact options:

  • enterprise@[email protected] (preferred for enterprise or compliance disclosures)
  • [email protected] (general coordination)
  • GitHub: use Security → Advisories → Report a vulnerability

Do not create public Issues or Pull Requests for unresolved vulnerabilities.


Disclosure Process

  1. The report will be acknowledged within 72 hours.
  2. A maintainer will contact you for additional details or proof of concept, if required.
  3. A fix or mitigation will be developed privately.
  4. Once verified, a coordinated public advisory and changelog entry will be published.
  5. Researchers may be credited for responsible disclosure, if they wish.

Guidelines for Researchers

To ensure safe and lawful testing:

  • Do not test on production or live environments.
  • Avoid social engineering, spam, or denial-of-service attacks.
  • Keep findings confidential until an official patch or advisory is released.
  • Follow good-faith principles of coordinated disclosure.


© 2025 PAXECT Systems. All rights reserved.
For all responsible disclosure inquiries: [email protected]

There aren’t any published security advisories