Skip to content

Security: SecuringTheRealm/securing.quest

SECURITY.md

Security Policy

SecuringTheRealm is a small, part-time/open-source-adjacent project org - there's no dedicated security team, but reports are taken seriously and get a real response, not a form letter.

This policy applies to any repository under this org that doesn't have its own SECURITY.md. A few repos (templates, private tooling) may carry their own policy instead - check the individual repo first if one exists there.

Reporting a vulnerability

Please do not open a public issue for a security problem.

Use the Report a vulnerability button under the Security tab of the affected repository (private vulnerability reporting is enabled org-wide). This keeps the report private until a fix ships.

What to expect

  • A read on whether it's reproducible and roughly when a fix might land, once triaged - timelines vary since this is maintained outside a day job.
  • Credit in the fix notes / advisory, unless you'd rather stay anonymous.
  • No bug bounty - this is a personal/small org, not a funded security programme.

Supported versions

Repos here generally track main / the latest release only; there's no long-term-support branch policy. If a specific repo does maintain older supported versions, that'll be called out in its own SECURITY.md.

There aren't any published security advisories