If you discover a security vulnerability in tcs-macro-pulse, please report it
privately so we can fix it before disclosure.
- Preferred: Open a private security advisory on GitHub.
- Alternative: Email
security@tcs-platform.com(PGP key on request).
Please include:
- A description of the vulnerability and its potential impact.
- Steps to reproduce (proof of concept appreciated).
- Affected version (
tcs-macro-pulseversion + Python version + OS). - Any suggested mitigation.
- Acknowledgement within 72 hours.
- Triage + initial assessment within 7 days.
- Patch + coordinated disclosure within 30 days for critical issues.
- Credit (if you wish) in the release notes and
SECURITY.mdHall of Fame.
In scope:
- All code under
tcs_macro_pulse/ examples/(informational, but reproducible exploits welcome)- Build artifacts on PyPI (when published)
Out of scope:
- The proprietary TCS-PLATFORM SaaS (separate disclosure channel:
security@tcs-platform.com) - Third-party data sources (FRED, GDACS, ACLED) β please report directly to them
- Vulnerabilities in dependencies β please report upstream first; we'll coordinate
- Publicly disclose the vulnerability before we've had a chance to patch.
- Test against production TCS-PLATFORM systems without prior written authorization.
- Use any vulnerability you find to access data you do not own.
| Version | Supported |
|---|---|
| 0.1.x | β Yes |
| < 0.1 | β No (pre-release) |
Thank you for helping keep tcs-macro-pulse and its users safe.