This repository keeps its canonical security documentation in security/.
For suspected vulnerabilities, do not open a public GitHub issue. Report them privately to bee@skerritt.blog with a subject like [ciphey security] <short summary>, or use GitHub private vulnerability reporting if it is enabled for the repository.
Full documentation:
- Canonical policy: security/SECURITY.md
- Incident response plan: security/incident_response.md
- Threat model: security/threat_model.md