If you discover a security vulnerability in Batesian itself, please do not open a public GitHub issue.
Report it privately via GitHub's Security Advisory feature:
- Go to the Security tab of this repository
- Click "Report a vulnerability"
- Fill in the details

You can expect an acknowledgment within 48 hours and a resolution timeline within 14 days for confirmed issues.
In scope: the Batesian CLI, SDK, rule engine, and bundled attack rules.
Out of scope: vulnerabilities in third-party dependencies (report those to the upstream project), and findings from running Batesian against systems you do not own or have explicit permission to test.
Batesian is built for authorized security testing only. Use it only against systems you own or have explicit written permission to test. The maintainers are not responsible for misuse.