**Problem.** A security-testing toolkit without a `SECURITY.md` is a bad look and leaves researchers no canonical disclosure channel.

**Actions.**

- [ ] Write a `SECURITY.md` at the repo root with: (a) supported-versions table, (b) reporting contact (ais@ai4i.it), (c) expected response SLA, (d) PGP key if applicable.
- [ ] Link it from [README.md](README.md) and [CONTRIBUTING.md](CONTRIBUTING.md).
- [ ] Enable GitHub's "Private vulnerability reporting" if the repo is on GitHub.

**Acceptance:** `SECURITY.md` exists at repo root, linked from README, references a working contact.