Updated SECURITY.md

maksymuimanov · maksymuimanov · commit 666e928c8053 · 2025-08-13T12:51:10.000+02:00
diff --git a/README.md b/README.md
@@ -225,6 +225,7 @@ classDiagram
 ### Security
 
 The library uses RestrictedPython to create a sandboxed environment for Python execution, preventing potentially harmful operations while allowing controlled script execution.
+Also, you can acknowledge the security policy of the project [here](https://github.com/w4t3rcs/spring-boot-python-executor/blob/master/SECURITY.md).
 
 ### Cache
 
@@ -519,7 +520,8 @@ This environment variable allows you to specify additional Python packages to in
 
 ## 💻 Usage Examples
 
-If you want to check out how the library works, you can check `demo-app` module or examples below
+If you want to check out how the library works,
+you can check [demo-app](https://github.com/w4t3rcs/spring-boot-python-executor/tree/master/demo-app) module or examples below
 
 ### Basic Examples
 
diff --git a/SECURITY.md b/SECURITY.md
@@ -7,10 +7,10 @@ This repository (spring-boot-python-executor) takes security seriously. This doc
 
 ## Security Policy
 
-| Major release | Supported for security fixes |
-|---------------|------------------------------|
-| All active major releases | **Only the latest minor version** of each supported major release will receive security updates. |
-| End-of-life major releases | Not supported — no security updates will be provided. |
+| Major release              | Supported for security fixes                                                                     |
+|----------------------------|--------------------------------------------------------------------------------------------------|
+| All active major releases  | **Only the latest minor version** of each supported major release will receive security updates. |
+| End-of-life major releases | Not supported — no security updates will be provided.                                            |
 
 **Notes**
 - “Latest minor version” means the most recent `x.y.z` published for a given major `x` at the time of the report. Consumers are encouraged to run the latest minor release within each major line to receive security fixes.
@@ -40,7 +40,7 @@ Please provide as much of the following information as you can to help us triage
 - **Logs, stack traces, configuration files** (masked for secrets where appropriate).
 - **Any mitigation or workaround** you believe is relevant.
 
-We treat sensitive attachments as confidential. If you need to send large files, ask first and we will provide guidance.
+We treat sensitive attachments as confidential. If you need to send large files, ask first, and we will provide guidance.
 
 ---
 
@@ -51,22 +51,22 @@ We treat sensitive attachments as confidential. If you need to send large files,
 
 **Triage and response**
 - Initial triage and severity classification will be completed within **7 calendar days**.
-- For confirmed issues we will:
+- For confirmed issues, we will:
   - Assign a severity level and create an internal ticket.
-  - Work on a fix or mitigation plan. For high- and critical-severity issues we will prioritize immediate mitigation.
+  - Work on a fix or mitigation plan. For high- and critical-severity issues, we will prioritize immediate mitigation.
   - Where necessary, coordinate with downstream consumers and the maintainers of related projects.
 
 **Fix and release timeline**
 - For **critical** vulnerabilities that enable remote code execution, data exfiltration, or other severe impacts, we will aim to provide a patch or mitigation **as quickly as feasible**, typically within **14 days**, and publish a security release as soon as the fix has been validated.
 - For **high** severity issues, we aim for a fix within **30 days**.
-- For **medium/low** severity issues, fixes will be scheduled according to maintenance cycles but we will endeavor to address them in a timely manner.
+- For **medium/low** severity issues, fixes will be scheduled according to maintenance cycles, but we will endeavor to address them in a timely manner.
 - If a longer remediation window is required (for example, because a fix risks breaking backward compatibility), we will communicate a mitigation plan and a public timeline to the reporter and coordinate on disclosure.
 
 **Coordinated disclosure**
 - We prefer coordinated disclosure: we will **not** disclose the vulnerability publicly until:
   1. a fix or mitigation is available (or an agreed workaround is published), and
   2. any required advisories and release notes are prepared.
-- We will coordinate with the reporter on timing of the public disclosure and crediting. If you prefer to remain anonymous, tell us in the report and we will respect that preference.
+- We will coordinate with the reporter on the timing of the public disclosure and crediting. If you prefer to remain anonymous, tell us in the report, and we will respect that preference.
 
 ---
 
@@ -97,7 +97,7 @@ We treat sensitive attachments as confidential. If you need to send large files,
 ---
 
 ## Credits
-We appreciate the time and effort of security researchers who help improve this project. Reporters who assist with responsible disclosure and permit acknowledgement will be credited in release notes unless they request anonymity.
+We appreciate the time and effort of security researchers who help improve this project. Reporters who help with responsible disclosure and permit acknowledgement will be credited in release notes unless they request anonymity.
 
 ---
 
