We actively support security updates for:

CRITICAL: DO NOT create public GitHub issues for security vulnerabilities.

1. Email: support@stratarouter.com
2. Subject line: [SECURITY] Brief description
3. Response Time: Within 48 hours
4. Status Updates: Every 3–5 business days

Subject: [SECURITY] Brief description

1. Vulnerability description
2. Steps to reproduce
3. Affected versions
4. Potential impact (CVSS score if known)
5. Suggested fix (optional)
6. Discovery credit (if desired)

• Acknowledgment: Within 48 hours
• Initial Assessment: Within 5 business days

# Always validate embedding dimensions
if embedding.len() != expected_dimension:
    return Err(Error::DimensionMismatch { ... })

# Sanitize route IDs
route_id = route_id.trim()
if route_id.contains("..") or route_id.contains("/"):
    return Err(Error::InvalidInput("Invalid route ID"))

Implement rate limiting in production to prevent abuse.

Monitor memory usage:

• ~64 MB per 1 000 routes
• Scales linearly
• Set ulimits in production

1. Never use unsafe without audit
2. Validate all external input
3. Run cargo audit before commits
4. Use cargo deny for license checks
5. Add security tests for new features

We follow coordinated disclosure:

1. Private notification to affected parties
2. Fix developed and tested
3. Security advisory published on GitHub
4. CVE assigned if applicable

• Initial security review completed
• No vulnerabilities identified
• Added input validation
• Added rate limiting guidance

• Security reports: support@stratarouter.com
• General enquiries: support@stratarouter.com
• Docs: https://docs.stratarouter.com
• Website: https://stratarouter.com