We take security seriously at BitBadges. If you discover a security vulnerability, please report it responsibly.

1. Do NOT open a public GitHub issue for security vulnerabilities
2. Email us at: security@bitbadges.io
3. Include:
   • Description of the vulnerability
   • Steps to reproduce
   • Potential impact
   • Any suggested fixes (optional)

• Acknowledgment: Within 48 hours
• Initial Assessment: Within 7 days
• Resolution Timeline: Depends on severity, typically 30-90 days

This policy applies to:

• bitbadgeschain (blockchain)
• bitbadgesjs (SDK)
• bitbadges-indexer (API/indexer)
• bitbadges-frontend (web app)
• All other BitBadges repositories

We appreciate responsible disclosure and may publicly acknowledge security researchers who report valid vulnerabilities (with permission).

When integrating with BitBadges:

• Always validate signatures and proofs
• Use HTTPS for all API calls
• Keep dependencies updated
• Follow the principle of least privilege