@fountain-coach/security-incident-response

skill, development

Handle vulnerability reports with coordinated disclosure, timely patches, and clear communication.

apm::install
$ apm install @fountain-coach/security-incident-response
apm::skill.md
# Security Incident Response

## Purpose
Handle vulnerability reports with coordinated disclosure, timely patches, and clear communication.

## When to Use
- A security report arrives via advisories or email
- Dependabot flags a critical/high vulnerability

## Steps
1. Acknowledge the report within 24 hours.
2. Validate and assess severity.
3. Develop and test a private fix.
4. Coordinate disclosure timing with the reporter.
5. Publish a patched release and advisory.
6. Announce the resolution and update `SECURITY.md` if needed.

## Output Contract
- Severity is assessed and documented.
- A patched release is published within SLA.
- Security advisory and communication are complete.

## References
- `SECURITY.md` for reporting channels and timelines.