Security: ContextualWisdomLab/scopeweave

SECURITY.md

Security Policy

Reporting a Vulnerability

Please do not report unpatched vulnerabilities through public GitHub issues.

Preferred: use GitHub private vulnerability reporting for this repository:

If private reporting is unavailable, open a public issue that only asks for a secure disclosure channel. Do not include exploit details, secrets, personal data, or unreleased vulnerability information in a public issue.

When reporting, include:

  • affected branch, tag, or commit
  • reproduction steps
  • impact assessment
  • proof-of-concept input or sanitized logs when needed for safe reproduction

Response Expectations

  • acknowledgement target: within 7 days
  • triage or status update target: within 30 days when a fix is feasible
  • coordinated disclosure preferred after a fix or mitigation is available

Safe Handling

Do not send production credentials, private keys, customer data, or copyrighted third-party source documents in reports. Use synthetic fixtures and sanitized evidence whenever possible.

There aren't any published security advisories