Document Version: 1.0
Last Updated: July 2026
Effective Date: July 2026
Security vulnerabilities can be reported confidentially to:
Email: security@humanshield-awareness.de
PGP Key: [GPG-Fingerprint to be added]
Response Time: Acknowledgment within 24 hours
Patch Timeline: 30–90 days depending on severity
| Severity | CVSS | Example | Patch Target |
|---|---|---|---|
| CRITICAL | 9.0–10.0 | Authentication bypass, RCE | 48 hours |
| HIGH | 7.0–8.9 | SQL injection, privilege escalation | 7 days |
| MEDIUM | 4.0–6.9 | XSS, CSRF, information disclosure | 30 days |
| LOW | 0.1–3.9 | Documentation errors, best practice violations | 90 days |
- No public disclosures before fix is released
- Proof-of-concept only when necessary
- Coordinate with security@humanshield-awareness.de before public disclosure
- Acknowledgment in security advisories (anonymous or attributed, your choice)