Security is a top priority for the AOS (Ajay O S Platform) ecosystem.
We are committed to protecting user data, system integrity, and platform reliability.
If you discover a security vulnerability:
- Do NOT open a public GitHub issue
- Do NOT disclose the issue publicly
- Report privately via email:
Include:
- Description of the vulnerability
- Steps to reproduce (if applicable)
- Affected endpoints or components
- Impact assessment (if known)
We aim to:
- Acknowledge reports within 72 hours
- Provide an initial assessment within 7 days
- Resolve confirmed vulnerabilities as quickly as possible
Timelines may vary depending on severity and complexity.
This policy applies to:
- Public-facing applications
- APIs and services
- Documentation systems
- Official Ajayos domains
- Public GitHub repositories under AOS
We support responsible disclosure practices:
- Please allow reasonable time for remediation
- Avoid accessing or modifying user data
- Avoid service disruption
- Do not exploit the vulnerability beyond proof of concept
We appreciate responsible researchers and may acknowledge valid reports.
The following are generally not considered security issues:
- Missing security headers without exploit
- Rate limiting suggestions without abuse demonstration
- Self-XSS
- Clickjacking on non-sensitive pages
- Theoretical vulnerabilities without proof
While internal implementations remain private, AOS follows best practices including:
- Secure authentication mechanisms
- Controlled API access
- Regular dependency updates
- Environment isolation
- Monitoring and logging
- Backup and recovery planning
We will not pursue legal action against researchers who:
- Follow responsible disclosure
- Avoid privacy violations
- Act in good faith
Thank you for helping keep AOS secure.