br-acc/SECURITY.md

SECURITY POLICY — World Transparency Graph (WTG)

Policy-Version: v1.0.0
Effective-Date: 2026-02-28
Owner: WTG Governance Team

Reporting vulnerabilities

Use GitHub Security Advisories for responsible disclosure:

• Private report path: repository Security tab -> Report a vulnerability.
• Do not disclose exploit details publicly before triage.

Supported versions

Security support applies to:

• Latest main release line.
• Most recent tagged public release.

Older snapshots may not receive security fixes.

Disclosure SLA targets

Target response windows:

• Acknowledgement: within 72 hours.
• Initial triage: within 7 calendar days.
• Mitigation plan: as soon as reproducibility and impact are confirmed.

These targets are best-effort goals, not guaranteed contractual commitments.

If a report is out of scope or non-actionable, rationale will be documented in the advisory workflow.