Security

Reporting security issues

If you find a vulnerability or security concern in the CERG framework itself (not in an organization that uses it), please report it responsibly:

  1. Do not open a public GitHub issue for sensitive security findings.
  2. Open a GitHub Security Advisory or contact the maintainers directly.
  3. Allow reasonable time for a response before public disclosure.

What this covers

This policy covers security issues in the CERG repository — broken access controls in the CI pipeline, exposed credentials, or vulnerabilities in the build/deploy tooling.

For security issues in an organization that uses CERG, contact that organization’s security team. CERG is a framework; implementation security is the adopter’s responsibility.


Source: SECURITY.md