Security: ivanrlg/TerraML

SECURITY.md

Security Policy

Supported Versions

Version Supported
0.x

Reporting a Vulnerability

If you discover a security vulnerability in FuzzySat, please report it responsibly by emailing ivanrlg@gmail.com.

Do NOT open a public GitHub issue for security vulnerabilities.

What to include

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Suggested fix (if any)

Response timeline

  • Acknowledgment: within 48 hours
  • Initial assessment: within 1 week
  • Fix or mitigation: as soon as practical, depending on severity

Scope

FuzzySat is a scientific image classification tool. Security concerns most likely involve:

  • Path traversal in raster file loading
  • Untrusted input in CLI arguments or JSON configuration
  • Dependencies with known CVEs (GDAL bindings, ML.NET, Radzen)

Dependency monitoring

We use Dependabot to monitor NuGet dependencies for known vulnerabilities. Security updates are prioritized and applied promptly.

Acknowledgments

We appreciate responsible disclosure and will credit reporters (with permission) in release notes.

There aren't any published security advisories