The LegalWork Atlas LegalWork's documentation, bound to the code it describes
17 documents
SECURITY.md

The security policy. Fixes are prioritized on the latest release and the current `dev` branch. Vulnerabilities go privately to `chris@eigenweltlabs.com` (subject `[LegalWork security] <summary>`), never public issues, with a description, repro/PoC, impact, and suggested remediation. Commits to a response SLA: acknowledge within 3 business days, initial triage within 7, and coordinated private disclosure until a fix is available. When reporting or triaging a security vulnerability.

Security Policy

Supported versions

LegalWork is under active development and we prioritize fixes on the latest release and the current dev branch.

Reporting a vulnerability

Please do not open public GitHub issues for security vulnerabilities.

Instead, report vulnerabilities privately to:

  • Email: chris@eigenweltlabs.com
  • Subject: [LegalWork security] <short summary>

Please include:

  • A clear description of the issue
  • Reproduction steps or proof of concept
  • Impact assessment
  • Suggested remediation (if known)

Response expectations

  • We will acknowledge receipt within 3 business days.
  • We will provide an initial triage status within 7 business days.
  • We will share remediation or mitigation guidance as soon as available.

Disclosure guidance

Please keep details private until a fix or mitigation is available and maintainers confirm public disclosure timing.