This is the default security policy for all Kraken Networks
repositories. Individual repos may override it with their own SECURITY.md.
Do not open a public issue for security vulnerabilities.
Report privately via either channel:
- GitHub — the affected repo's Security → Advisories → Report a vulnerability
- Email — security@krakennetworks.com
Please include a description, affected versions, and a minimal reproduction.
| Stage | Target |
|---|---|
| Acknowledge receipt | 48 hours |
| Initial assessment | 7 days |
| Fix for critical issues | 30 days |
We will not pursue or support legal action against researchers who report vulnerabilities in good faith, who avoid privacy violations and service disruption, and who give us reasonable time to respond before public disclosure.