Security: thequantumfalcon/ai-training-path

SECURITY.md

Security Policy

This is primarily a documentation and curriculum repository. There is currently no executable application, no user-facing service, and no Python or other dependencies that would surface conventional vulnerabilities. The threat model is therefore limited; the categories that do apply are listed below.

Reporting

For sensitive issues, use GitHub's private vulnerability reporting: the Security tab on this repository → Report a vulnerability. For non-sensitive issues, file a regular issue using the relevant template.

In scope

  • Broken or rotted external links — file via the Broken link issue template.
  • Misattribution, fabrication, or unverified content — content that contradicts MAINTAINING.md verification standards. File privately if it involves a third party's reputation; otherwise as a regular issue.
  • PII or sensitive data accidentally committed — report privately. The maintainer will work with you to remove it from history.
  • Resources flagged as free that turn out to require payment — file as a regular issue; the maintainer will re-verify and update or remove.

Out of scope

  • Vulnerabilities in linked third-party resources (courses, books, repos). Report those to their maintainers.
  • Disagreement with curriculum choices — those are pedagogical decisions, not security issues. Open a regular discussion / issue.

Response

The maintainer is a single person. Expected response times:

  • Sensitive PII reports: within 72 hours.
  • Other security-relevant issues: 7–14 days typical.
  • Routine issues: when convenient.

Disclosure

Public disclosure of any vulnerability or sensitive issue should wait until the maintainer has had a reasonable opportunity to investigate and respond.
