Security

SECURITY.md

Security Policy

Reporting a Vulnerability

Do not open a public GitHub issue for security vulnerabilities.

Use GitHub's private vulnerability reporting feature or contact maintainers directly.

What to Include

Description of the vulnerability
Steps to reproduce
Potential impact

Response Timeline

Acknowledgment: Within 48 hours
Initial Assessment: Within 7 days

Scope

This policy covers:

The EDP specification (SPEC.md)
JSON schemas
Example implementations

For vulnerabilities in specific EDP registry implementations, contact the respective operators.

Security Considerations

See Section 6 of SPEC.md for security considerations when implementing EDP.

There aren’t any published security advisories