Report vulnerabilities privately. Do not open public issues for active vulnerabilities.
- Primary contact: mail@saidwp.com
- Alternate: private GitHub security advisory
Include:
- affected versions/commits
- reproduction steps or PoC
- impact assessment
- suggested mitigation
Response-time targets:
- acknowledge within 72 hours
- initial triage within 7 days
- remediation/disclosure plan after validation
Please wait for a fix or agreed mitigation window before public disclosure.
Portable:
- private reporting requirement
- response-time targets
- coordinated disclosure flow
Project-specific:
- security mailbox
- severity taxonomy
- SLA exceptions