Hello @Gov-10,
The project handles sensitive legal documents and claims strong security/privacy features (encryption, secure storage, GDPR compliance, no third-party sharing). However, the repository currently does not include a SECURITY.md file that explains how security vulnerabilities should be reported.
Proposed Change:
Add a SECURITY.md file including:
- Private process for reporting vulnerabilities (avoid public issues)
- Preferred contact channel for disclosures
- Responsible disclosure guidelines and response timeline
- Scope of security concerns (document data, storage, auth, API)
Why this is important:
- Provides a safe path for reporting vulnerabilities responsibly
- Strengthens trust for startups/entrepreneurs using the platform
- Aligns the project with GitHub/open-source security best practices
I’m a SWoC’26 contributor and would be happy to work on this if assigned.