This document outlines the security processes and policies for the TQ42 Cryptography. Our aim is to maintain the highest security standards in post-quantum cryptographic development and to be transparent about our security practices. We encourage responsible disclosure of any security vulnerabilities.

We support the following versions

We take all security bugs in TQ42 Cryptography seriously. We appreciate your efforts and responsible disclosure and will make every effort to acknowledge your contributions. Please open a new issue and clearly document the specifics of the vulnerability.

Upon receipt of a vulnerability issue, the following actions will be taken:

• We will acknowledge receipt of your vulnerability report.
• We will perform an initial analysis to verify the validity of the report.
• Once the vulnerability is confirmed, we will schedule a fix to be implemented.
• We will publicly announce the vulnerability after the fix and release, respecting confidentiality agreements where applicable.

• Security updates will be issued as part of regular library updates.
• Emergency updates will be triggered by critical vulnerability discoveries that directly impact the usability and integrity of cryptographic modules.

As with any cryptographic library, there may be undiscovered vulnerabilities. The field of post-quantum cryptography is rapidly evolving, and TQ42 Cryptography is committed to integrating robust and innovative security practices as the landscape evolves.

As of the current date, there have been no security issues reported.