finos
diff --git a/‎README.md
Lines changed: 5 additions & 5 deletions b/‎README.md
Lines changed: 5 additions & 5 deletions
diff --git a/‎SECURITY.md
Lines changed: 11 additions & 3 deletions b/‎SECURITY.md
Lines changed: 11 additions & 3 deletions
diff --git a/‎index.ts
Lines changed: 4 additions & 1 deletion b/‎index.ts
Lines changed: 4 additions & 1 deletion
@@ -94,7 +94,7 @@ customize for your environment, see the [project's documentation](https://git-pr
 
 ## Contributing
 
-Your contributions are at the core of making this a true open source project. Any contributions you make are **greatly appreciated**. See [`CONTRIBUTING.md`](CONTRIBUTING.md) for more information.
+Your contributions are at the core of making this a truly open source project. Any contributions you make are **greatly appreciated**. See [`CONTRIBUTING.md`](CONTRIBUTING.md) for more information.
 
 ## Security
 
@@ -110,12 +110,12 @@ This project is distributed under the Apache-2.0 license. See [`LICENSE`](LICENS
 
 ## Contact
 
-Drop a note, ask a question or just say hello in our [community Slack channel](https://app.slack.com/client/T01E7QRQH97/C06LXNW0W76) 👋
+Drop a note, ask a question or just say hello in our community Slack channel, which is accessible via the [FINOS Slack Workspace](https://finos-lf.slack.com) 👋
 
-If you can't access Slack, you can also [subscribe to our mailing list](mailto:[email protected]).
+If you can't access Slack, you can also [subscribe to our mailing list](mailto:[email protected]) 📨
+
+Otherwise, if you have a deeper query or require more support, please [raise an issue](https://github.com/finos/git-proxy/issues) 🧵
 
 🤝 Join our [fortnightly Zoom meeting](https://zoom-lfx.platform.linuxfoundation.org/meeting/95849833904?password=99413314-d03a-4b1c-b682-1ede2c399595) on Monday, 4PM BST (odd week numbers). 
 🌍 [Convert to your local time](https://www.timeanddate.com/worldclock)
 📅 [Click here](https://calendar.google.com/calendar/event?action=TEMPLATE&tmeid=MTRvbzM0NG01dWNvNGc4OGJjNWphM2ZtaTZfMjAyNTA2MDJUMTUwMDAwWiBzYW0uaG9sbWVzQGNvbnRyb2wtcGxhbmUuaW8&tmsrc=sam.holmes%40control-plane.io&scp=ALL) for the recurring Google Calendar meeting invite. Alternatively, send an e-mail to [[email protected]](https://zoom-lfx.platform.linuxfoundation.org/meeting/95849833904?password=99413314-d03a-4b1c-b682-1ede2c399595#:~:text=Need-,an,-invite%3F) to get a calendar invitation. 
-
-Otherwise, if you have a deeper query or require more support, please [raise an issue](https://github.com/finos/git-proxy/issues).
@@ -1,5 +1,13 @@
-## Reporting a vulnerability
+# Security Policy
 
-If you discover a vulnerability in git-proxy, please e-mail [[email protected]](mailto:[email protected]).
+GitProxy supports responsible disclosure of security vulnerabilities and adheres to the [FINOS Security Vulnerabilities Policy](https://community.finos.org/docs/governance/Software-Projects/cve-responsible-disclosure). If you find something you believe to be a security issue in GitProxy, we encourage and appreciate your report. Please report the issue privately to the project maintainers using one of the following methods:
 
-Thank you for improving the security of git-proxy.
+## Reporting a Vulnerability
+- **GitHub Security Reports:** In order for the vulnerability reports to reach maintainers as soon as possible, the preferred way is to use the ["Report a vulnerability"](https://github.com/finos/git-proxy/security/advisories) button under the "Security" tab of the associated GitHub project. This creates a private communication channel between the reporter and the maintainers.  
+- **Email:** If you are unable to or have strong reasons not to use the GitHub Security vulnerability reporting feature, please email the maintainers and cc: [[email protected]](mailto:[email protected]) with a description of the vulnerability.
+
+## Vulnerability Process
+
+1. **Report the vulnerability privately** using one of the methods above. Do not create a public GitHub Issue or make any public reference to the vulnerability.
+2. The project team will acknowledge receipt of your report and triage the issue. If a vulnerability is confirmed, the team will work with you to investigate and resolve it.
+3. Once a fix is available, a release will be made and the vulnerability will be publicly disclosed in accordance with the [FINOS policy](https://community.finos.org/docs/governance/Software-Projects/cve-responsible-disclosure).
@@ -1,9 +1,11 @@
 #!/usr/bin/env tsx
 /* eslint-disable max-len */
+import path from 'path';
 import yargs from 'yargs';
 import { hideBin } from 'yargs/helpers';
 import * as fs from 'fs';
 import { configFile, setConfigFile, validate } from './src/config/file';
+import { initUserConfig } from './src/config';
 import proxy from './src/proxy';
 import service from './src/service';
 
@@ -19,7 +21,7 @@ const argv = yargs(hideBin(process.argv))
     },
     config: {
       description: 'Path to custom git-proxy configuration file.',
-      default: 'proxy.config.json',
+      default: path.join(__dirname, 'proxy.config.json'),
       required: false,
       alias: 'c',
       type: 'string',
@@ -29,6 +31,7 @@ const argv = yargs(hideBin(process.argv))
   .parseSync();
 
 setConfigFile(argv.c as string || "");
+initUserConfig();
 
 if (argv.v) {
   if (!fs.existsSync(configFile)) {