From 7e7585fff82dcfd9475b1fad5a5b992d4fe6aaa3 Mon Sep 17 00:00:00 2001 From: Nathan Gillett Date: Fri, 22 May 2026 21:54:06 -0500 Subject: [PATCH] Link SECURITY.md to public SECURITY-POLICY.md Signed-off-by: Nathan Gillett --- SECURITY.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 83e1630..e2435fe 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -18,9 +18,9 @@ Please include: ## Response Process IntentProof follows the coordinated security-release process published in -[`IntentProof/intentproof-infra`](https://github.com/IntentProof/intentproof-infra/blob/main/SECURITY-PROCESS.md). -That process defines severity tiers, SLAs, embargo handling, patch release -steps, customer notification, and post-mortem requirements. +[`IntentProof/intentproof-infra`](https://github.com/IntentProof/intentproof-infra/blob/main/SECURITY-POLICY.md). +That policy defines severity tiers, SLAs, embargo handling, public disclosure, +and dependency-scanning rules. Do not report security vulnerabilities through public GitHub Issues unless the issue is already public and contains no sensitive exploitation detail.