Thank you for your interest in keeping the splitwiser project secure. This document explains how to report security vulnerabilities, what to expect after reporting, and how we handle disclosures.

If you discover a security vulnerability, please do not open an issue on GitHub.

Instead, follow these steps:

1. Email the maintainer directly
2. Include the following details:
   • Description of the vulnerability
   • Steps to reproduce (if possible)
   • Potential impact
   • Any mitigation or workaround suggestions

We ask that you:

• Do not publicly disclose the issue until it has been resolved.
• Avoid testing vulnerabilities in a way that could disrupt services.
• Act in good faith and with respect for user data and privacy.

• We follow a coordinated disclosure approach.
• We appreciate responsible reporting and will publicly disclose the issue only after a fix has been released.

Security fixes will be merged into main and any supported release branches. We will publish release notes describing the fix and migration steps when required.

We value the contributions from the community and encourage responsible disclosure to help keep splitwiser safe and secure for all users.

• GitHub Security Advisories
• OpenSSF Best Practices
• OWASP Top 10