Security policy

Report security issues privately.

This page gives recruiters, clients, and security researchers a clear vulnerability-reporting path for Meidie's public portfolio without implying enterprise SOC, compliance, or bug bounty coverage.

Contact: [email protected]

Suggested subject: [Security] report: Meidie security portfolio

Scope

In scope:

Out of scope:

What to include

Safe testing

Artifact integrity and signing

Resume PDF: assets/Meidie_Fei_Cyber_Security_Resume.pdf

SHA-256: 19BEBF8AA951A5702BB9D80D0B47B63592C57D420CF525F1FD99EADAF6A48F07

Machine-readable manifest: artifact-manifest.json

RMM Hunter releases: github.com/MDP-Studio/rmm-hunter/releases

Current public Windows builds are treated as unsigned beta artifacts unless a release page says otherwise.

When future artifacts are code-signed, checksum-published, or detached-signature-published, the portfolio should link to the relevant GitHub release, checksum, signing identity, and verification steps from this policy.

Security claims boundary

The portfolio demonstrates practical security engineering, documentation, and deployment habits. It does not claim SOC 2, ISO 27001, PCI DSS, formal penetration-test attestation, or continuous monitoring coverage unless a separate project page provides verified evidence.