Security: petender/pshsummit2026-devsecops

Security

SECURITY.md

Security Policy

Supported Versions

Only the latest version of this project on the default branch is supported with security updates.

Reporting a Vulnerability

Please do not open public GitHub issues for security vulnerabilities.

Instead, use one of the following methods:

  1. Private Vulnerability Reporting (preferred):

    • Go to the repository Security tab
    • Click Report a vulnerability
    • Fill out the form with as much detail as possible (steps to reproduce, impact, affected versions, proof-of-concept, etc.)

  2. If private reporting is not available:

    • Email the maintainer at: petender@microsoft.com
    • Use the subject line: Security vulnerability report: pshsummit2026-devsecops

What to Include

When reporting, please include:

  • A clear description of the vulnerability and potential impact
  • Steps to reproduce (or a proof-of-concept)
  • Affected components/files and versions (if known)
  • Any suggested mitigations or fixes (if you have them)

Response Timeline

We aim to:

  • Acknowledge receipt within 3 business days
  • Provide a status update within 7 business days
  • Release a fix as soon as reasonably possible, depending on severity and complexity

Coordinated Disclosure

We support coordinated vulnerability disclosure. Please allow a reasonable amount of time to investigate and address the issue before making it public.

There aren't any published security advisories