| Version | Supported |
|---|---|
| 1.x.x | Yes |
If you discover a security vulnerability in this plugin, please report it responsibly.
- Do not open a public GitHub issue for security vulnerabilities
- Email: security@zircote.com (or open a private security advisory on GitHub)
- Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Initial response: Within 48 hours
- Assessment: Within 7 days
- Fix timeline: Based on severity
| Severity | Target Resolution |
|---|---|
| Critical | 7 days |
| High | 30 days |
| Medium | 90 days |
| Low | Next release |
This plugin provides SDLC guidance and does not execute code or handle sensitive data directly. However, security concerns may include:
- Guidance that could lead to insecure configurations
- Outdated security recommendations
- Missing security best practices
We appreciate responsible disclosure and will acknowledge security researchers who report valid vulnerabilities (unless they prefer to remain anonymous).