Security: SDL-HQ/sir-firewall

SECURITY.md

Security Policy

Thank you for taking the time to help improve the security of SIR.

Reporting a vulnerability

If you believe you have found a security issue in this repository:

  • Please do not open a public GitHub issue with exploit details.
  • Instead, use GitHub’s “Report a vulnerability” feature for this repo.

When you report a vulnerability, include:

  • A short description of the issue
  • Steps to reproduce
  • Any relevant logs, stack traces or proof of concept

We will:

  • Acknowledge receipt as soon as we can
  • Assess the issue
  • Work on a fix and coordinate disclosure if appropriate

Scope

This policy covers:

  • The SIR firewall code in this repository
  • Configuration and workflows in this repository that affect runtime behaviour

It does not cover:

  • Third-party services or dependencies outside our control
  • Forks or modified versions of SIR maintained by others

There aren't any published security advisories