# Security Policy

## Reporting a Vulnerability

If you find a security issue, please email security@lerkolabs.com rather than opening a public issue.

Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact

We'll acknowledge within 48 hours and aim to patch within 7 days for critical issues.

## Scope

- SSH server authentication
- Cluster API authentication
- Stored credentials (alert provider tokens)
- Status page information leakage