# Security Policy

## Supported versions

OpenWork is under active development and we prioritize fixes on the latest release and
the current `dev` branch.

## Reporting a vulnerability

Please do not open public GitHub issues for security vulnerabilities.

Instead, report vulnerabilities privately to:

- Email: `ben@openworklabs.com`
- Subject: `[OpenWork security] <short summary>`

Please include:

- A clear description of the issue
- Reproduction steps or proof of concept
- Impact assessment
- Suggested remediation (if known)

## Response expectations

- We will acknowledge receipt within 3 business days.
- We will provide an initial triage status within 7 business days.
- We will share remediation or mitigation guidance as soon as available.

## Disclosure guidance

Please keep details private until a fix or mitigation is available and maintainers
confirm public disclosure timing.