Skip to content

Security: pic-protocol/pic-spec

Security

SECURITY.md

Security Policy

This document describes how security vulnerabilities related to the PIC Specification and related repositories are handled.

Supported Versions

Only the latest stable release of the PIC Specification is supported for security updates at any given time.

Earlier drafts and obsolete versions are provided for reference only and are not maintained.

Reporting a Vulnerability

Security issues must be reported privately.

Please use GitHub Security Advisories:

https://github.com/pic-protocol/pic-spec/security/advisories/new

Do not open public issues for security vulnerabilities.

Scope

We consider vulnerabilities that could compromise the:

  • confidentiality,
  • integrity,
  • or availability

of the PIC Specification, its reference materials, or its users.

Response Timeline

We aim to:

  • acknowledge reports within 5 business days,
  • provide an assessment or resolution within 30 days, when feasible.

Timelines may vary depending on severity and complexity.

Credit

We are happy to publicly acknowledge security reporters in release notes unless anonymity is requested.

Governance

Security response and coordination are handled by the Specification Steward: Nitro Agility S.r.l.

There aren’t any published security advisories