If you discover a security vulnerability in SpoofEye, please report it responsibly. We encourage users and developers to contact us privately before publicly disclosing any security issues.

Email: security@spoofeye.org PGP Key: https://resources.callec.net/security/pgp.asc

When reporting a vulnerability, please include:

• A clear description of the issue
• Steps to reproduce the vulnerability
• Any potential impact or risk
• Suggested mitigation (if applicable)

We will acknowledge your report promptly and work to address the issue in a timely manner.

Only the following versions of SpoofEye are actively maintained and receive security updates:

• main branch / latest release

Please ensure you are using a supported version when reporting security issues.

Security patches and updates will be published in the repository with a corresponding release. Always update to the latest version to minimize risk.

We follow responsible disclosure principles:

1. Report privately: Send security issues directly to the maintainers via the contact above.
2. Do not exploit: Do not use the vulnerability to cause harm.
3. Public disclosure: Security issues may be disclosed publicly only after a fix is released or with the maintainers’ permission.

• Do not run SpoofEye scripts or test scripts on production systems unless fully understood and verified.
• Keep your operating system and dependencies up-to-date.
• Use caution when handling output or integrating SpoofEye with other software.

Thank you for helping us keep SpoofEye secure.