Skip to content

Security: silvermanjared-web/brand-context-system

SECURITY.md

Security Policy

Supported Versions

This repository is a public brand-design-system and AI-context bundle. It is not a production software package, deployed application, API, authentication system, or runtime service.

Security updates apply to the current main branch only.

Version / Branch Supported
main
Archived branches, forks, or local copies

Scope

This repository may contain brand context, design-system notes, prompts, selected front-end files, Figma references, asset manifests, web examples, and raw source documents used for AI-assisted design and front-end work.

Security-sensitive issues may include:

  • Accidentally committed secrets, credentials, API keys, tokens, or private URLs
  • Private client, company, employee, or customer information
  • Proprietary source material that should not be public
  • Sensitive design assets or licensed files that should not be redistributed
  • Prompt files that encourage unsafe handling of confidential information
  • Links to private systems, internal tools, or non-public documents
  • Front-end code snippets that expose credentials, tracking IDs, or sensitive configuration

Out of scope:

  • General design feedback
  • Copywriting suggestions
  • Broken links that do not expose private information
  • Non-security GitHub issues
  • Requests for feature work or design-system expansion
  • Automated low-signal vulnerability reports unrelated to the contents of this repository

Reporting a Vulnerability

Please do not open a public GitHub issue for security-sensitive concerns.

To report a vulnerability or sensitive-content exposure, contact:

Jared Silverman
Email: silverman.jared@gmail.com

Please include:

  • A short description of the concern
  • The affected file, folder, URL, or commit if known
  • Why the issue may create security, privacy, licensing, or confidentiality risk
  • Any suggested remediation
  • Whether the information appears to be publicly accessible

Response Expectations

Good-faith reports will be reviewed as soon as practical.

If the report is accepted, remediation may include:

  • Removing or redacting sensitive content
  • Rotating exposed credentials or tokens
  • Removing or replacing assets
  • Updating prompts or documentation
  • Revising repository structure or guidance
  • Removing links to private or sensitive systems

If the report is declined, the reason will be explained when appropriate.

Disclosure Policy

Please allow time for review and remediation before sharing any security-sensitive concern publicly.

This repository is intended to support responsible, public-safe brand and design-system work. Reports that help keep the repository safe, accurate, and appropriately scoped are welcome.

There aren't any published security advisories