Merge pull request #6 from doublegate/claude/fix-mailto-security-model-018uXWoggzZ3wE5W4wBYVtkg

doublegate · web-flow · commit f6a2c976d1b9 · 2025-11-17T23:54:43.000-05:00
fix(docs): Convert mailto link to plain text in security-model.md
diff --git a/docs/src/security/security-model.md b/docs/src/security/security-model.md
@@ -631,7 +631,7 @@ RUSTFLAGS="-Z sanitizer=address" cargo test --target x86_64-unknown-linux-gnu
 **Responsible Disclosure**: ProRT-IP follows a coordinated vulnerability disclosure process.
 
 **Reporting**:
-- **Email**: security@prtip.dev (PGP key: [0xABCD1234](https://keys.openpgp.org))
+- **Email**: security[at]prtip.dev (PGP key: [0xABCD1234](https://keys.openpgp.org))
 - **GitHub**: Private security advisory (https://github.com/doublegate/ProRT-IP/security/advisories/new)
 
 **Response Timeline**:
diff --git a/docs/src/security/vulnerability-disclosure.md b/docs/src/security/vulnerability-disclosure.md
@@ -5,7 +5,7 @@ ProRT-IP's responsible disclosure policy for security vulnerabilities, bug bount
 ## Quick Reference
 
 **Reporting Channels:**
-- **Email**: security@prtip.dev (PGP: `0xABCD1234`)
+- **Email**: security[at]prtip.dev (PGP: `0xABCD1234`)
 - **GitHub**: [Private Security Advisory](https://github.com/doublegate/ProRT-IP/security/advisories/new)
 - **Urgent**: Contact maintainers directly for critical vulnerabilities
 
@@ -74,10 +74,10 @@ Before reporting, collect:
 gpg --keyserver keys.openpgp.org --recv-keys 0xABCD1234
 
 # Encrypt your report
-gpg --encrypt --armor --recipient security@prtip.dev report.txt
+gpg --encrypt --armor --recipient security[at]prtip.dev report.txt
 
 # Send encrypted report
-cat report.txt.asc | mail -s "Security Vulnerability Report" security@prtip.dev
+cat report.txt.asc | mail -s "Security Vulnerability Report" security[at]prtip.dev
 ```
 
 **Option B: GitHub Security Advisory (Recommended)**
@@ -556,7 +556,7 @@ ProRT-IP agrees to:
 
 ### Security Team
 
-**Primary Contact**: security@prtip.dev
+**Primary Contact**: security[at]prtip.dev
 
 **PGP Public Key**:
 ```
@@ -578,12 +578,12 @@ Available: https://keys.openpgp.org/
 ### Mailing Lists
 
 **Security Announcements** (planned):
-- Subscribe: security-announce@prtip.dev
+- Subscribe: security-announce[at]prtip.dev
 - Frequency: Only critical security updates
 - Archive: https://github.com/doublegate/ProRT-IP/discussions
 
 **General Security Discussion** (planned):
-- Subscribe: security-discuss@prtip.dev
+- Subscribe: security-discuss[at]prtip.dev
 - Frequency: Community discussion, best practices
 - Archive: https://github.com/doublegate/ProRT-IP/discussions
 
@@ -603,7 +603,7 @@ A: Yes! After coordinated disclosure, you are free to publish detailed write-ups
 
 **Q: What if I accidentally trigger a vulnerability in production?**
 
-A: Contact us immediately at security@prtip.dev. If it was unintentional and you report it promptly, we will not pursue legal action.
+A: Contact us immediately at security[at]prtip.dev. If it was unintentional and you report it promptly, we will not pursue legal action.
 
 **Q: Do you assign CVEs?**
 
@@ -789,7 +789,7 @@ ProRT-IP is vulnerable to SQL injection when storing scan results.
 
 **Future Updates**: This policy will be reviewed annually and updated as needed. Major changes will be announced via security mailing list.
 
-**Feedback**: Suggestions for improving this policy? Email security@prtip.dev or open a GitHub discussion.
+**Feedback**: Suggestions for improving this policy? Email security[at]prtip.dev or open a GitHub discussion.
 
 ---
 
