If you discover a security vulnerability in SceneView, please report it responsibly by emailing security@sceneview.com. Do not open a public GitHub issue for security vulnerabilities.

When reporting, please include:

• A description of the vulnerability and its potential impact
• Steps to reproduce the issue
• Affected version(s)
• Any suggested mitigation or fix, if available

You can expect an initial response within 48 hours of your report. We will work with you to understand and validate the issue, and will provide updates on our progress toward a fix.

SceneView follows a 90-day coordinated disclosure policy. After a vulnerability is reported:

1. We will confirm receipt within 48 hours.
2. We will investigate and work on a fix within the 90-day disclosure window.
3. Once a fix is available, we will release a patched version and publish a security advisory.
4. The reporter may publicly disclose the vulnerability after the fix has been released or after the 90-day window has elapsed, whichever comes first.

We appreciate the efforts of security researchers and community members who help keep SceneView and its users safe.