- CLAUDE.md: repo-specific tech stack, commands, deps (points to root)
- LICENSE: MIT 2026 svrnty (standardized)
- CONTRIBUTING.md: unified workflow, correct co-author email
- SECURITY.md: unified vulnerability reporting policy
- CHANGELOG.md: Keep a Changelog template (if new)
- lefthook.yml: added doc-hygiene hook, improved bootstrap

Co-Authored-By: Svrnty Inc. <jp@svrnty.io>
Security Policy
Reporting a Vulnerability
If you discover a security vulnerability, please report it responsibly.
Do NOT open a public issue.
How to Report
Email: security@svrnty.com
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes (optional)
Response Timeline
- Acknowledgment: Within 48 hours
- Initial Assessment: Within 7 days
- Resolution Target: Within 30 days (depending on severity)
What to Expect
- We will acknowledge receipt of your report
- We will investigate and validate the issue
- We will work on a fix and coordinate disclosure
- We will credit you (if desired) when the fix is released
Scope
This policy applies to:
- Code in this repository
- Dependencies we control
- Infrastructure we operate
Out of Scope
- Third-party services or dependencies
- Social engineering attacks
- Physical security
Supported Versions
Security updates are provided for the latest release only.
| Version | Supported |
|---|---|
| Latest | Yes |
| Older | No |