Skip to content

Security: Ankit12prajapat/aiwa-code-quality

Security

SECURITY.md

Security Policy – AiWA Governance Repository

This document defines the security reporting and disclosure policy for the AiWA Governance Repository, which may contain culturally sensitive, ethically governed, and AI-training related data and code.

Reporting a Vulnerability

If you discover a security vulnerability, do not file a public issue. Instead, please report it confidentially to our security team:

Please include:

  • A detailed description of the issue
  • Steps to reproduce (if applicable)
  • Any relevant logs or screenshots
  • Your name and contact information (optional but appreciated)

Disclosure Policy

We follow coordinated disclosure. If you report a vulnerability in good faith:

  • You will not be subject to legal action for your disclosure
  • We will acknowledge your report within 5 business days
  • We aim to patch critical issues within 15 business days
  • You may be publicly credited with consent after resolution

Scope

The following are in scope:

  • All repositories under AiWA-Ai-West-Africa
  • Scripts or workflows used in GitHub Actions
  • Sensitive AI training data pipelines or governance mechanisms

The following are out of scope:

  • Social engineering attacks
  • Denial of Service (DoS) without actual exploit
  • Vulnerabilities in third-party dependencies unless demonstrably exploitable in this repo

Special Considerations for Culturally Sensitive Data

Many assets in this repository are bound by dual-consent and community governance protocols. Unauthorized access, exfiltration, or tampering may trigger legal action under:

  • California and Gambian law
  • Customary rights frameworks recognized by indigenous and oral tradition authorities

Any breach involving these materials may be deemed a cultural and legal violation.

Enforcement & Legal

Violations of this policy or bad-faith actions may result in:

  • Account suspension
  • Revocation of access
  • Notification to platform security teams
  • Pursuit of civil or criminal liability under applicable laws

All legal disputes are subject to the jurisdiction of San Diego County, California.

Thank you for protecting the cultural, digital, and ethical integrity of this project.

There aren’t any published security advisories