Security: SovereignSafetyLabs/Vesta-Governance-Framework

SECURITY.md

Security Policy

Supported Versions

Sovereign Safety Labs actively maintains and provides security updates for the following versions of the Vesta Governance Framework:

| Version | Supported Status   |
|---------|--------------------|
| v3.x    | Active Development |
| v2.x    | Maintenance Mode   |
| v1.x    | Deprecated         |

Reporting a Vulnerability

Sovereign Safety Labs takes the security of high-reasoning governance systems seriously. Because this architecture is concerned with AI containment and thermodynamic constraints, we appreciate the responsible disclosure of any vulnerability, including:

  • Thermodynamic Leakage: Bypass of ΔS entropy clamps.
  • Causal Decoupling: Failures in CLF lineage enforcement.
  • Protocol Override: Successful adversarial subversion of the Sovereign Protocol.

Disclosure Process

Please do not report security vulnerabilities through public GitHub issues.

  1. Email: Send a description of the vulnerability to security@sovereignsafetylabs.com (or backup: stephen.brouhard@sovereignsafetylabs.com).
  2. Encryption: If the vulnerability involves sensitive kinetic or critical-infrastructure attack vectors, please request our PGP key first and send the details encrypted.
  3. Timeline: We acknowledge all reports within 48 hours. We request a standard 90-day embargo on public disclosure to allow for patch development and release.

Safe Harbor

Sovereign Safety Labs supports safe-harbor for security researchers. We will not pursue legal action against researchers who:

  • Identify and report vulnerabilities in good faith.
  • Avoid accessing or modifying data that does not belong to them.
  • Give us reasonable time to correct the issue before making any information public.

Genesis Mission & Federal Compliance

For vulnerabilities related to NIST 800-53 or DOE Genesis Mission compliance gaps, please flag the report with [COMPLIANCE-CRITICAL] in the subject line for expedited review.