# Security Policy

## Supported Versions

We currently support security updates for the latest stable release on PyPI:

- `exectrace-workflow` latest version

## Reporting a Vulnerability

Please do **not** open a public issue for security bugs.

Use one of these methods:

1. GitHub Security Advisories (preferred):
   - Go to Security tab in the repository
   - Click Advisories
   - Start a private vulnerability report
2. If advisories are unavailable, open a private report via repository maintainers.

## Disclosure Timeline

1. We acknowledge reports within 72 hours.
2. We validate and reproduce the issue.
3. We prepare a fix and release patch.
4. We publish an advisory with credit (if requested).

## Hall of Fame

Responsible reporters are credited on the project website under Security Hall of Fame after a fix is shipped.