Skip to content

Security: kakunin-ai/kakunin-core

Security

SECURITY.md

Security Policy

Kakunin is compliance and identity infrastructure — we treat security reports with the highest priority.

Reporting a Vulnerability

Do not open a public GitHub issue for security vulnerabilities.

Email security@kakunin.ai with:

  • A description of the issue and its impact
  • Steps to reproduce (proof-of-concept if possible)
  • Affected component and version/commit

You will receive an acknowledgment within 48 hours and a triage decision within 5 business days.

Disclosure Policy

  • We follow coordinated disclosure with a 90-day window from report to public disclosure.
  • We will credit reporters in release notes and our security acknowledgments page unless you prefer to remain anonymous.
  • Please act in good faith: no data exfiltration, no service disruption, and only test against infrastructure you own. Do not test against the hosted platform (api.kakunin.ai) or other tenants.

Scope

In scope: the source code in this repository. The hosted Kakunin platform, its certificate authority, and its infrastructure are a separate track — still report to security@kakunin.ai, and we will route it.

There aren't any published security advisories