Compliance requirement: SEC cybersecurity disclosure standards
🤖 Generated with Claude Code
54 lines
1.3 KiB
Markdown
# Security Policy

## Supported Versions

We take security seriously at BlackRoad OS. The following versions are currently supported with security updates:

| Version | Supported |
| ------- | ------------------ |
| Latest | :white_check_mark: |
| < Latest | :x: |

## Reporting a Vulnerability

**DO NOT** create a public GitHub issue for security vulnerabilities.

### How to Report

Please report security vulnerabilities by emailing:

**blackroad.systems@gmail.com**

Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if available)

### What to Expect

- **Acknowledgment:** Within 24 hours
- **Initial Assessment:** Within 72 hours
- **Regular Updates:** Every 7 days until resolved
- **Disclosure Timeline:** Coordinated disclosure after fix is deployed

### Security Standards

This repository adheres to:
- **OWASP Top 10** security best practices
- **SEC Rule 17a-4** recordkeeping requirements (where applicable)
- **NIST Cybersecurity Framework**
- **SOC 2 Type II** controls (in progress)

### Compliance

For compliance-related security concerns:
- **Chief Compliance Officer:** Alexa Amundson
- **CRD#:** 7794541
- **Email:** blackroad.systems@gmail.com

---

**Last Updated:** 2026-01-04
**Compliance Framework:** BlackRoad OS Master Compliance Framework v1.0