Security: Davidkata1234/devir

SECURITY.md

Security Policy

Supported Versions

Version Supported
0.1.x

Reporting a Vulnerability

We take security seriously. If you discover a security vulnerability, please report it responsibly.

How to Report

  1. Do NOT open a public GitHub issue for security vulnerabilities
  2. Email us at: hi@productdevbook.com
  3. Include the following information:
    • Description of the vulnerability
    • Steps to reproduce
    • Potential impact
    • Any suggested fixes (optional)

What to Expect

  • Initial Response: Within 48 hours
  • Status Update: Within 7 days
  • Resolution Timeline: Depends on severity, typically within 30 days

After Reporting

  1. We will acknowledge receipt of your report
  2. We will investigate and validate the vulnerability
  3. We will work on a fix and coordinate disclosure timing with you
  4. We will credit you in the security advisory (unless you prefer to remain anonymous)

Security Best Practices

When using Devir:

  • Keep your devir.yaml configuration file secure
  • Don't commit sensitive environment variables
  • Use the latest version for security updates
  • Review service commands before running in production

Scope

This security policy applies to:

  • The Devir CLI tool
  • Official releases on GitHub
  • The Homebrew formula

Third-party integrations and forks are outside this scope.
