Security: sultanbarys/LASS---Local-Attack-Surface-Scanner

SECURITY.md

Security Policy

Supported Versions

Version   Supported
0.1.x     yes

Reporting a Vulnerability

We take security seriously. If you discover a security vulnerability in LASS, please report it responsibly.

How to Report

  1. Do NOT open a public GitHub issue for security vulnerabilities
  2. Email security concerns to: security@example.com (replace with actual email)
  3. Include:
    • Description of the vulnerability
    • Steps to reproduce
    • Potential impact
    • Suggested fix (if any)

What to Expect

  • Acknowledgment: Within 48 hours
  • Initial Assessment: Within 7 days
  • Resolution Timeline: Depends on severity
    • Critical: 24-72 hours
    • High: 7 days
    • Medium: 30 days
    • Low: 90 days

Safe Harbor

We consider security research conducted in accordance with this policy to be:

  • Authorized
  • Lawful
  • Helpful

We will not pursue legal action against researchers who:

  • Act in good faith
  • Avoid privacy violations
  • Do not destroy data
  • Report findings promptly

Security Best Practices

When using LASS:

  1. Run with least privilege: Only use root when necessary
  2. Protect reports: Scan results contain sensitive information
  3. Secure baselines: Baseline files may reveal security posture
  4. Audit regularly: Run scans periodically, not just once
  5. Update frequently: Keep LASS updated for latest checks

Known Limitations

LASS is a detection tool, not a prevention tool:

  • Cannot block attacks
  • May miss sophisticated threats
  • Results require human interpretation
  • Some checks need root for full visibility