If you discover a security issue in a Forseti-Life repository:

1. Prefer GitHub Security Advisories when the affected repository supports them.
2. Otherwise email support@forseti.life with enough detail to reproduce the issue safely.
3. Do not post sensitive exploit details in a public issue.

• Initial triage target: within 7 days
• Follow-up may include mitigation guidance, a fix plan, or coordinated disclosure steps

This policy applies across public repositories in the Forseti-Life organization unless a repository provides a more specific local policy.