Published security procedure

Vulnerability and Threat Management

Eunoiana Dev maintains a vulnerability and threat management procedure for identifying, assessing, prioritising, remediating and reviewing security risks affecting company systems, client projects, dependencies, hosting platforms and production services.

Owner: Eunoiana Dev
Effective date: 18 April 2026
Applies to: Code, dependencies, platforms and client projects

Procedure Statement

Eunoiana Dev manages vulnerabilities and threats through a practical lifecycle: identify potential issues, assess risk, prioritise action, remediate or mitigate, verify the fix and record lessons learned where appropriate.

Security issues may be identified through dependency alerts, platform notifications, code review, client reports, third-party advisories, monitoring signals, vendor communications, vulnerability research or unusual system behaviour.

Identification

Vulnerabilities may be identified from package and dependency alerts, hosting provider notices, SaaS security bulletins, client reports, code review, application logs, monitoring signals and public security advisories.

Risk Assessment

Issues are assessed based on severity, exploitability, data sensitivity, exposure to the public internet, authentication requirements, affected systems, business impact and whether production or personal data may be involved.

Prioritisation

Higher-risk vulnerabilities affecting production systems, authentication, personal data, credentials, payment flows or public-facing services are prioritised over lower-risk issues in internal or non-production systems.

Remediation

Remediation may include dependency updates, patching, configuration changes, permission changes, credential rotation, input validation, code fixes, disabling vulnerable features or changing third-party service settings.

Mitigation

Where immediate remediation is not practical, temporary mitigations may be applied. These may include access restrictions, feature disablement, firewall or platform rules, additional monitoring or operational workarounds.

Verification

Fixes are checked through appropriate testing, review, deployment validation, platform checks or confirmation that the vulnerable package, configuration or access path has been corrected.

Threat Awareness

Eunoiana Dev monitors relevant platform, hosting, software and dependency communications to stay aware of threats that may affect active projects, production services or commonly used tools.

Client Communication

If a vulnerability or threat may materially affect a client project, Eunoiana Dev will communicate through the agreed project or account channel and coordinate remediation steps where client action is required.

Review and Questions

This vulnerability and threat management procedure is reviewed as systems, tools, dependencies, hosting platforms and client requirements change.

Vulnerability reports or questions can be sent to hello@eunoiana.com.