If you discover a security vulnerability in TeslaOnTarget, please:

1. DO NOT open a public issue
2. Email the details to: [email protected]
3. Include:
   • Description of the vulnerability
   • Steps to reproduce
   • Potential impact
   • Suggested fix (if any)

• Acknowledgment within 48 hours
• Status update within 7 days
• Fix typically within 30 days (depending on severity)

• Plaintext TCP Only: TAK communication is unencrypted
• Local Network Only: Should not be exposed to internet
• No TAK Authentication: Relies on network security

1. Run on same network as TAK server
2. Use firewall rules to restrict access
3. Keep Tesla credentials secure (never commit cache.json)
4. Use VPN for any remote access
5. Monitor logs for suspicious activity

• SSL/TLS support for TAK connections
• Certificate-based authentication
• Encrypted credential storage

This project uses Dependabot to automatically:

• Monitor for security vulnerabilities
• Update dependencies weekly
• Create pull requests for updates

Security updates are prioritized and merged quickly.