If you discover a security vulnerability, please report it privately and do not open a public issue.

• Private report (GitHub Security Advisory): https://github.com/scraly/developers-conferences-agenda/security/advisories/new

Please include:

• A clear description of the issue
• Steps to reproduce
• Impact assessment
• Suggested fix (if any)

• As this project is maintained by a single maintainer, response times may vary.
• We aim to acknowledge receipt within 10 business days.
• We aim to provide an initial assessment within 30 business days.
• We aim to provide a fix or mitigation within 90 days when possible.
• Coordinated public disclosure is planned after a fix is available.

This policy applies to the source code and workflows in this repository.

• Vulnerabilities in third-party services outside this repository
• Social engineering or phishing tests against contributors

Thank you for helping keep this project secure.