Security Policy

1. Security Controls

We maintain layered controls including transport security, API validation, rate limiting, incident reporting, and restrictive browser security headers.

2. Coordinated Vulnerability Disclosure

Report vulnerabilities to security@cadguardian.com. Include reproduction steps, impact, and affected endpoints.

We aim to acknowledge reports within two business days and provide status updates during triage.

3. Scope and Safe Testing

Do not exfiltrate data, attempt denial-of-service, social engineer users, or disrupt operations. Testing must be limited, non-destructive, and compliant with law.