# Security Policy
## Reporting a Vulnerability
Do **not** open public issues for security vulnerabilities.
Report them privately via [GitHub Security Advisories](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/managing-security-advisories-about-your-project).
## Response Time
- **Acknowledgment**: within 48 hours
- **Initial assessment**: within 7 days
- **Fix or mitigation**: depends on severity, typically within 30 days
## Scope
This policy covers all repositories in the celestia-island organization.