# Security Policy
## Supported Versions
Pulsar is currently in an early development stage and does not yet have a formal long-term support policy.
Security fixes, when applicable, are expected to land on the main development line first.
## Reporting a Vulnerability
If you believe you found a security issue, please avoid opening a public issue with exploit details.
For now, report it privately to:
- Kevin Vanden-Brande
Include:
- affected platform
- affected commit or version
- reproduction steps
- impact assessment
- proof of concept if safe to share
You will receive acknowledgement as quickly as practical, and the issue will be assessed before any public disclosure.
## Scope
Relevant security topics include:
- unsafe service installation behavior
- insecure file permissions
- unsafe command execution paths
- API exposure issues
- denial-of-service vectors caused by malformed inputs or unbounded resource use
## Current Status
Pulsar should not yet be treated as a hardened enterprise security product.
That is an explicit non-goal for the current stage.