| Version | Supported |
|---|---|
| 0.1.x | ✅ |
| < 0.1 | ❌ |
Please do NOT report security vulnerabilities through public GitHub issues.
Instead, email security@rtmx.ai with:
- Description of the vulnerability
- Steps to reproduce
- Expected vs actual behavior
- Impact assessment (if known)
We will acknowledge receipt within 48 hours and provide a fix timeline within 7 business days for critical issues.
All release binaries are GPG-signed. Verify your download:
# Import RTMX public key curl -fsSL https://rtmx.ai/gpg.key | gpg --import # Verify checksums signature gpg --verify checksums.txt.sig checksums.txt # Verify binary checksum sha256sum -c <(grep linux_amd64 checksums.txt)
- All dependencies are audited with
govulncheckin CI - CodeQL analysis runs on every push
- Binaries are statically compiled (CGO_ENABLED=0) with no external runtime dependencies
- Release artifacts include SBOM (Software Bill of Materials) in SPDX format
- Security issues: security@rtmx.ai
- General support: dev@rtmx.ai
- Company: ioTACTICAL LLC