# Security Policy

## Supported Versions

We take security seriously at BlackRoad OS. The following versions are currently supported with security updates:

| Version  | Supported          |
| -------- | ------------------ |
| Latest   | :white_check_mark: |
| < Latest | :x:                |

## Reporting a Vulnerability

**DO NOT** create a public GitHub issue for security vulnerabilities.

### How to Report

Please report security vulnerabilities by emailing: **blackroad.systems@gmail.com**

Include:

- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if available)

### What to Expect

- **Acknowledgment:** Within 24 hours
- **Initial Assessment:** Within 72 hours
- **Regular Updates:** Every 7 days until resolved
- **Disclosure Timeline:** Coordinated disclosure after fix is deployed

### Security Standards

This repository adheres to:

- **OWASP Top 10** security best practices
- **SEC Rule 17a-4** recordkeeping requirements (where applicable)
- **NIST Cybersecurity Framework**
- **SOC 2 Type II** controls (in progress)

### Compliance

For compliance-related security concerns:

- **Chief Compliance Officer:** Alexa Amundson
- **CRD#:** 7794541
- **Email:** blackroad.systems@gmail.com

---

**Last Updated:** 2026-01-04

**Compliance Framework:** BlackRoad OS Master Compliance Framework v1.0