Backpack Works
Version: 1.0
Last updated: December 2025
Owner: Security Lead

Vulnerability Management Policy

1. Purpose

To identify and remediate vulnerabilities in our systems and the software we operate.

2. Identification

  • Automated dependency and code scanning in CI.
  • Platform security advisories and alerts (e.g. Dependabot).
  • Reports submitted through our Responsible Disclosure Policy.

3. Prioritization & remediation targets

Severity    Target remediation
Critical    7 days
High        30 days
Medium      90 days
Low         Best effort / next release

Targets may be adjusted based on exploitability and exposure.

4. Patching

Operating systems, dependencies, and tooling are kept up to date. Critical patches are expedited.

5. Review

This policy is reviewed at least annually.