Alma Career takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations.

If you believe you have found a security vulnerability in any Alma-owned repository that meets Alma's definition of a security vulnerability, please report it to us as described below.

If you discover a security vulnerability in Spirit Design System, please report it through our official vulnerability disclosure program:

🔗 Alma Career Vulnerability Disclosure

Please:

1. Do NOT create a public GitHub issue
2. Do NOT discuss the vulnerability in public forums, chat rooms, or social media
3. Do report it responsibly using one of the methods below:

1. Go to our GitHub repository
2. Click on the "Security" tab
3. Click "Report a vulnerability"
4. Fill out the security advisory form with detailed information

Send an email to our security team at: [email protected]

Include the following information:

• A clear description of the vulnerability
• Steps to reproduce the issue
• Potential impact assessment
• Any proof-of-concept code (if applicable)
• Your contact information for follow-up

We appreciate the security research community's efforts to improve the security of open source software. Researchers who report valid security vulnerabilities may be:

• Acknowledged in our security advisories (with permission)
• Listed in our contributors section
• Invited to test fixes before public release

If you have questions about this security policy, please contact us at [email protected].

Last Updated: September 2025 Policy Version: 1.0