This repository contains documentation, templates, and examples for engineering leadership practices. It does not contain executable code or deployed services.
Context: Security issues in this repository are typically: malicious links, unsafe guidance in templates, or accidentally committed secrets. This is not a bug bounty program — it's a simple disclosure process for a documentation repository.

In scope:
- Malicious content inadvertently added to templates or examples
- Links redirecting to phishing or malware sites
- Accidentally committed secrets, credentials, or PII
- Content that could mislead readers into insecure practices

Out of scope:
- Typos or formatting issues (use regular issues)
- Suggestions for additional content (use regular issues)
- Security vulnerabilities in tools mentioned in examples (report to those projects)

If you discover a security issue within scope, please report it responsibly:
- Do not open a public issue
- Do use GitHub's private vulnerability reporting:
  - Go to the repository's Security tab
  - Click "Report a vulnerability"
  - Provide details as described below

Include in your report:
- Description of the issue
- Location (file path, line numbers if applicable)
- Potential impact
- Steps to reproduce (if applicable)
- Suggested fix (optional but appreciated)

| Action | Timeframe |
|---|---|
| Acknowledgment | 5 business days |
| Initial assessment | 10 business days |
| Resolution (if confirmed) | 30 business days |
Complex issues may require longer resolution times. We will communicate updates throughout the process.
We appreciate reports made in good faith. If you report an issue through the process above, we will not take action against you for the report itself.
For security-related questions that are not vulnerability reports, open a regular issue with the security-question label.