Security policy.
Responsible disclosure and NetSpectra security architecture
§01 Responsible Disclosure
If you discover a vulnerability in NetSpectra or AdaEdge, please report it privately. We take every report seriously and respond within 48 hours.
§02 Security Architecture
NetSpectra is built on defence-in-depth principles with formal verification at every layer.
- ARCH_01: Formal verification — all critical code proven via SPARK/GNATprove. Zero unproven verification conditions.
- ARCH_02: Zero JavaScript — analysis operates at the TLS/TCP level. No client-side code to attack.
- ARCH_03: Zero Cookies — no client state, no session tokens, no CSRF surface.
- ARCH_04: TLS-only analysis — all fingerprinting happens passively during the TLS handshake.
§03 Scope
In Scope
- AdaEdge engine (Go + Ada/SPARK)
- Management API (:8080)
- Web interface (netspectra.org)
- WireGuard tunnel configuration
Out of Scope
- Third-party services and dependencies
- Social engineering
- DDoS testing