Security: bniladridas/path

.github/SECURITY.md

security policy

a foundation of trust

path exists to help people find their way home through media exploration. security is the foundation that makes this journey possible - protecting the sacred space where curiosity meets discovery.

four pillars of secure discovery

  • authentic protection: no manipulation, just honest security that honors your trust
  • human dignity: recognizing that security is about protecting human flourishing
  • radical transparency: complete visibility into our security measures and processes
  • coming home: helping you feel safe in your digital journey

reporting vulnerabilities with care

if you discover something that threatens the safety of our shared journey, please reach out with the same care you'd show a fellow traveler:

what to share

when you find a vulnerability, help us understand:

  • the path you took to discover it
  • how it might affect someone's journey home
  • what impact it could have on the human experience
  • gentle suggestions for how we might strengthen our foundation

our commitment to you

  • response time: we'll acknowledge your message within 48 hours
  • regular updates: you'll know the status of your report every step of the way
  • respectful dialogue: we'll treat your findings with the dignity they deserve

security measures that serve human flourishing

codeql security scanning

  • languages: python and javascript - the languages of our digital home
  • frequency: every push and pull request, like a watchful guardian
  • coverage: security vulnerabilities and code quality that affect real people
  • custom queries: flask-specific and dom-based checks tailored to our architecture
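the scanning setup described above, written out as a github actions workflow (an added example, not the repository's own workflow file; the file path, the use of the built-in security-and-quality suite, and the custom-query directory named in the comment are assumptions):

```yaml
# assumed path: .github/workflows/codeql.yml (added example, not the project's own file)
name: codeql

# runs on every push and every pull request, as the policy describes
on: [push, pull_request]

permissions:
  contents: read
  security-events: write   # required to upload SARIF results to the security tab

jobs:
  analyze:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false       # keep scanning the other language if one job fails
      matrix:
        language: [python, javascript]
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          # security-and-quality is the built-in suite that covers both
          # security vulnerabilities and code-quality findings
          queries: security-and-quality
          # to add flask- or dom-specific queries, append a comma-separated path
          # to a query directory in the repo (placeholder path, assumed):
          # queries: security-and-quality,./.github/codeql/custom-queries
      - uses: github/codeql-action/autobuild@v3
      - uses: github/codeql-action/analyze@v3
        with:
          category: "/language:${{ matrix.language }}"
```

with branch protection requiring this check to pass, a pull request cannot merge until both language jobs have uploaded clean results.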

branch protection rules

  • required reviews: at least one approving review before merging
  • status checks: must pass all tests before joining the main path
  • linear history: clean, understandable journey through our codebase
  • admin enforcement: rules apply to everyone, creating equal safety

dependency management

  • dependabot: automated updates that keep our foundation strong
  • security updates: automatic patches for known vulnerabilities
  • vulnerability scanning: regular audits to ensure ongoing safety

vulnerability classification with humanity

we understand vulnerabilities through their impact on human experience:

  • critical: immediate threat to user data or the integrity of someone's journey
  • high: significant risk that could disrupt the path to discovery
  • medium: moderate concerns that need attention and care
  • low: minor issues that we address with ongoing maintenance
  • info: awareness items that help us improve our security posture

security hall of honor

we deeply appreciate security researchers who help strengthen our foundation. with your permission, we'll acknowledge your contribution in our security hall of honor - a place where helpfulness meets recognition.

security best practices for our community

for contributors to our journey

  1. code reviews: every change receives careful, human review
  2. security testing: we test for common vulnerabilities before they affect users
  3. dependency updates: keeping our foundation current and strong
  4. input validation: ensuring all inputs are treated with care
  5. secure coding: following practices that protect human dignity

for users on their path

  1. regular updates: keeping your version current for maximum safety
  2. secure environment: running path in environments you trust
  3. access control: using appropriate controls for your needs
  4. monitoring: staying aware of your digital surroundings

security updates and communication

we regularly strengthen our security measures and communicate changes through:

  • github security advisories when critical issues arise
  • release notes that explain security improvements
  • transparent announcements about our security posture

connecting on security matters

for security-related questions or concerns:

  • security issues: use the reporting process above with care
  • general questions: create an issue in our repository
  • updates: watch this repository for security announcements

security at path is about protecting the human journey. every line of our security policy reflects our commitment to honest protection that serves human flourishing rather than corporate metrics.

There aren’t any published security advisories