| Version | Supported |
|---|---|
| 1.0.x | ✅ Active |
| < 1.0 | ❌ EOL |
BDE Score follows a defense-in-depth security model:
- Authentication: API Key (X-API-Key header) with bcrypt hashing (cost=12)
- Rate Limiting: 10 requests/minute per IP
- Input Validation: Market/symbol whitelist enforcement
- Error Handling: Generic error messages, no internal detail leakage
- Transport: HTTPS via Cloudflare Tunnel
- Secrets: .env only (chmod 600), never in code/git/logs
- EU AI Act Art.50: Transparent scoring methodology, no black-box predictions
- Financial Disclaimer: Technical service only. Not investment advice.
If you discover a security vulnerability, please:
- DO NOT open a public issue
- Email: nnhbh@foxmail.com
- Include: description, steps to reproduce, affected component
- Expected response time: 48 hours
Latest audit: 2026-07-11 — Score: 98/100
This project follows a 7-iron-rule security constitution. See SECURITY_CONSTITUTION for details.