Security and Responsible Disclosure

If you believe you have identified a security issue in Commercial Readiness, report it privately and do not disclose it publicly until we have had a reasonable opportunity to investigate and remediate.

Please include a clear description of the issue, affected endpoint or workflow, reproduction steps, impact assessment, and any proof of concept needed to verify the report safely.

Security reports should be sent to [email protected]. We will acknowledge receipt and aim to respond with next steps as quickly as practical.

Please avoid actions that could degrade service, expose customer data, or disrupt other users while testing.