Security: DisuzaQuantitative/Disuza-Quantitative

.github/SECURITY.md

Security Policy

Scope

This repository contains public documentation only. No production source code, credentials, model weights, or client data are stored here. However, we take seriously any security-relevant finding that touches Disuza Quantitative's public surfaces:

  • This repository and its contents.
  • The Disuza Quantitative website at disuza.com.
  • Any Disuza-operated endpoints that are reachable from the public internet.

Reporting a vulnerability

Please do not open a public GitHub issue for security findings.

Send an email to contact@disuza.com with:

  • A description of the finding and its suspected impact.
  • Steps to reproduce (proof-of-concept, logs, or scripts as needed).
  • Any suggested mitigation or fix.
  • Your contact details and whether you wish to be credited in an acknowledgment.

You can also reference the canonical security contact at disuza.com/.well-known/security.txt (RFC 9116).

Timelines

  • Acknowledgment: within 48 hours of receipt.
  • Triage and initial response: within 7 days.
  • Resolution: proportionate to severity, typically 30 days or less for confirmed issues on our public surfaces.

Out of scope

  • Third-party services, dependencies, and cloud providers (please report to their respective security teams).
  • Social engineering, physical security, or issues targeting Disuza personnel.
  • Self-inflicted misconfigurations in forks or adaptations of this documentation.
  • Findings already reported or publicly known at the time of your report.

Recognition

We appreciate coordinated disclosure and will acknowledge researchers who report valid findings in good faith (with their permission). Disuza does not currently operate a monetary bug-bounty programme.


Disuza Quantitative Security — contact@disuza.com

There aren't any published security advisories