Default disclosure policy for all Technika11y repositories.
Report vulnerabilities privately, not via public issues:
- GitHub Report a vulnerability (Security → Advisories) on the affected repo, or
- email the maintainer on the org profile.
Include a description, reproduction, and impact. Target: 5 business days to acknowledge, with a coordinated disclosure timeline agreed before any public write-up.
Technika11y tools are defensive. Several are dual-use security tooling — use them only on systems you own or are explicitly authorized to test. A license is not an authorization.