If you discover a security vulnerability in MIXI, please report it responsibly.

Do not open a public issue.

Send an email to fabrizio.salmi@gmail.com with:

• A description of the vulnerability.
• Steps to reproduce.
• Potential impact assessment.
• Suggested fix, if you have one.

You will receive an acknowledgment within 48 hours. We will work with you to understand the issue and coordinate a fix before any public disclosure.

This policy covers the MIXI application (browser and Electron), the Rust/Wasm DSP engine, the MIXI Sync protocol, and the documentation website at mixidaw.com.

Third-party dependencies are monitored via GitHub Dependabot.

We appreciate responsible disclosure. Contributors who report valid security issues will be credited in the release notes (unless they prefer to remain anonymous).