Security Policy

Reporting a Vulnerability

We take security seriously. If you discover a security vulnerability in any Waypoint Compliance Advisory repository, please report it responsibly.

Email: security@waypointca.com

Please include:

Acknowledgment: Within 48 hours
Initial Assessment: Within 7 days
Resolution Timeline: Depends on severity, but we aim for 30 days for critical issues

This policy applies to all public repositories under the WaypointCA GitHub organization.

We're happy to credit researchers who report valid vulnerabilities responsibly. Let us know if you'd like to be acknowledged.

Thank you for helping keep our projects secure.