Skip to content
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 28 additions & 0 deletions SECURITY.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
# Security Policy

## Reporting a Vulnerability

Please do not report unpatched vulnerabilities through public GitHub issues.

Preferred: use GitHub private vulnerability reporting for this repository:

- https://github.com/ContextualWisdomLab/aFIPC/security/advisories/new

If private reporting is unavailable, open a public issue that only asks for a secure disclosure channel. Do not include exploit details, secrets, personal data, or unreleased vulnerability information in a public issue.

When reporting, include:

- affected branch, tag, or commit
- reproduction steps
- impact assessment
- proof-of-concept input or sanitized logs when needed for safe reproduction

## Response Expectations

- acknowledgement target: within 7 days
- triage or status update target: within 30 days when a fix is feasible
- coordinated disclosure preferred after a fix or mitigation is available

## Safe Handling

Do not send production credentials, private keys, customer data, or copyrighted third-party source documents in reports. Use synthetic fixtures and sanitized evidence whenever possible.
Loading