Security Policy
Supported Versions
| Version | Supported |
| --- | --- |
| Latest | Yes |
Reporting a Vulnerability
Do not report security vulnerabilities through public GitHub issues.
Preferred: GitHub Security Advisories
- Navigate to the repository’s Security tab
- Click “Report a vulnerability”
- Fill out the advisory form with details
- Submit the report
Alternative: Email
Email security concerns to: security@organvm.dev
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
Response Timeline
| Timeline | Action |
| --- | --- |
| Within 48 hours | Acknowledgment |
| Within 7 days | Assessment and severity classification |
| Within 30 days | Fix deployed (critical/high severity) |
Security Best Practices
- Never commit secrets, API keys, or credentials
- Use environment variables for sensitive configuration
- Keep dependencies updated
- Follow secure coding practices per CONTRIBUTING.md
Part of the organvm eight-organ system
Last updated: 2026-02-10