helmet/SECURITY.md

help secure Express/Connect apps with various HTTP headers

# Security issue reporting & disclosure process

Please reach out if you think you've found a security issue.

Email Evan Hahn at <me@evanhahn.com>, on Signal at [EvanHahn.64](https://signal.me/#eu/vDide_HmUgHnNa0usMXq8oHAA0gnl5dzCqDeHyXhkeIbIiOcPVhCZKXIZteSqoc8), or [in other ways](https://evanhahn.com/contact).

My playbook for security issues:

- Acknowledge and address the concern as soon as possible
- Issue advisories (CVEs, for example) as needed. Public disclosure may be embargoed to give people time to update
- Consider patching non-current major versions depending on popularity and severity