This document defines the security, vulnerability disclosure, and incident handling policy for all repositories governed under Elmahrosa International and the TEOS Sovereign Framework.
Security is treated as a civic obligation, not a best-effort practice.
This policy applies to:
- All public and private repositories under the Elmahrosa organization
- All TEOS-governed infrastructure components
- All constitutional, governance, and execution-layer code

| Repository Type | Status |
|---|---|
| Constitutional & Governance Repos | Actively Supported |
| Reference Implementations | Actively Supported |
| Archived Repositories | Read-only |

If you discover a security vulnerability:
DO NOT open a public issue.
Instead, report privately via:
Please include:
- Repository name
- Commit hash or release tag
- Description of the issue
- Potential impact assessment (if known)

Reports are handled as follows:
- Acknowledgement within 72 hours
- Assessment & classification (severity, scope)
- Mitigation or patch under constitutional constraints
- Coordinated disclosure if required
All security decisions are bound by:
- International Civic Blockchain Constitution (ICBC)
- TEOS Governance Rules
- TESL v2.0 License constraints
No security fix may violate constitutional authority or lawful governance.
This policy aligns with:
- GovStack security expectations
- ISO/IEC 27001 principles
- Sovereign DPI risk frameworks
© Elmahrosa International