If you discover a security vulnerability in any Siros Foundation repository, please report it responsibly.
Do NOT open a public GitHub issue.
- Email: security@siros.org
- Repository and branch/tag affected
- Steps to reproduce or proof of concept
- Impact assessment (if known)
- Acknowledgement: within 2 business days
- Initial assessment: within 5 business days
- Fix or mitigation: depends on severity, typically within 30 days for critical issues
This policy applies to all repositories under the sirosfoundation GitHub organization.
We credit reporters in release notes (unless you prefer anonymity).