This document outlines the security policy and threat model for the Stencil project.
The Stencil team and community take all security vulnerabilities seriously. If you believe you have found a security vulnerability in Stencil, please report it to us as described below.
DO NOT report security vulnerabilities through public GitHub issues.
Please email us at [email protected] with a description of the vulnerability and steps to reproduce it. You should receive a response within 48 hours. If for some reason you do not, please follow up via the same email to ensure we received your original message.
For individual threat model analysis, please refer to the SECURITY.md file of a specific repository in this organisation, e.g.: