We take security vulnerabilities seriously. If you discover a security issue, please follow these guidelines:

1. DO NOT create a public GitHub issue for security vulnerabilities
2. DO send a private report to: raihanzxzy@gmail.com
3. Include as much information as possible:
   • Description of the vulnerability
   • Steps to reproduce
   • Potential impact
   • Suggested fix (if any)

• Acknowledgment: Within 48 hours
• Initial Response: Within 7 days
• Resolution Timeline: 90 days (standard responsible disclosure)

We follow a responsible disclosure process:

1. Reporter submits vulnerability privately
2. We acknowledge and assess the report
3. We work on a fix
4. Fix is released
5. Vulnerability is publicly disclosed (after 30 days)

This security policy applies to:

• The core library code (include/, src/)
• Build system (CMakeLists.txt)
• Official examples

Out of Scope:

• Dependencies (ShadowHook, XDL) - report to upstream
• Third-party code

Currently, we do not offer bug bounties. However:

• Contributors will be credited (with permission)
• Hall of Fame recognition available

When using this library:

1. Only use on authorized systems - Never test apps you don't own or have permission to analyze
2. Keep dependencies updated - Regularly update ShadowHook and XDL
3. Follow local laws - Comply with DMCA, CFAA, and local computer misuse laws
4. Responsible disclosure - Report vulnerabilities found in target apps to their developers

For security concerns:

• Email: raihanzxzy@gmail.com
• GitHub: HanSoBored

Thank you for helping keep Android-Mem-Kit secure!