ExecuTrace/SECURITY_ADVISORY.md

Security Advisory Process

This document defines how ExecuTrace handles vulnerability advisories.

Advisory Workflow

  1. Receive private report
  2. Triage and severity assessment
  3. Patch development and review
  4. Coordinated release
  5. Public advisory publication and attribution

Severity Guide

  • Critical: Remote execution, full compromise
  • High: Privilege escalation, data exposure
  • Medium: Significant abuse with constraints
  • Low: Limited impact

Attribution

Contributors and researchers who responsibly disclose verified vulnerabilities are added to:

  • website/data/security_hof.json
  • the website's Security Hall of Fame section

Advisory Template

  • Title
  • Affected versions
  • CVSS/severity
  • Technical summary
  • Reproduction
  • Mitigation
  • Fixed version
  • Credits