Report issues privately.
Facenox prioritizes the secure handling of biometric data. We maintain a strict private disclosure policy to protect all deployments during the patching process.
Supported Versions
Only the latest release is actively supported for security fixes. We do not maintain legacy branches for security patches.
Response Times
All valid reports are acknowledged within 48 to 72 hours. Resolution timelines are dictated by severity and technical complexity.
Private Disclosure
Do not open public GitHub issues for security vulnerabilities. Use the private draft advisory path instead.
High-Severity Benchmarks
Examples of vulnerabilities that trigger prioritized patching and public advisories:
Extracting raw face images or biometric templates unexpectedly
Bypassing consent checks for enrollment or recognition
Reading another organization's cloud data through a tenant-isolation bug
Modifying attendance or audit data without authorization
Protection Scope
This policy covers the open-source Facenox Desktop core and its integration points. Live cloud environments and hosting systems are managed under separate security protocols.