Security: BOHICA-LABS/writescore

SECURITY.md

Security Policy

Supported Versions

Version Supported
6.x.x

Only the latest release receives security updates. We recommend always using the most recent version.

Reporting a Vulnerability

We take security vulnerabilities seriously. Thank you for helping keep WriteScore and its users safe.

How to Report

Please do NOT report security vulnerabilities through public GitHub issues.

Instead, use one of these methods:

  1. GitHub Private Vulnerability Reporting (Preferred)

    • Go to the Security tab of this repository
    • Click "Report a vulnerability"
    • Fill out the form with details

  2. Email

    • Send details to the repository maintainers
    • Include "SECURITY" in the subject line

What to Include

  • Type of vulnerability (e.g., code injection, information disclosure)
  • Location of the affected code (file path, line numbers if known)
  • Steps to reproduce the issue
  • Potential impact
  • Any suggested fixes (optional)

Response Timeline

  • Initial Response: Within 48 hours
  • Status Update: Within 7 days
  • Resolution Target: Within 30 days for critical issues

What to Expect

  1. We'll acknowledge your report within 48 hours
  2. We'll investigate and keep you updated on progress
  3. Once fixed, we'll coordinate disclosure timing with you
  4. We'll credit you in the security advisory (unless you prefer anonymity)

Scope

This security policy applies to:

  • The WriteScore Python package
  • CI/CD workflows in this repository
  • Documentation that could lead to security issues

Out of scope:

  • Third-party dependencies (report to those projects directly)
  • Theoretical vulnerabilities without proof of concept

There aren’t any published security advisories