What is the recommended response time for security reports?

Following industry best practices, this skill helps you acknowledge security reports within a 24-hour window to maintain professional standards.

How does this skill handle Dependabot alerts?

The skill provides a step-by-step workflow to validate, assess, and develop patches for vulnerabilities flagged by Dependabot, ensuring critical fixes are prioritized.

Does this skill help with public security advisories?

Yes, it guides the creation of security advisories and coordinates the timing of public announcements to ensure users are protected before a flaw is disclosed.

Can I use this for any type of software project?

Absolutely. While the logic is hosted in the midi2 repository, the security incident response patterns are universal and applicable to any codebase.

Security Incident Response

Name: Security Incident Response
Author: Fountain-Coach

byFountain-Coach

0•

보안 및 테스팅

Manages the end-to-end lifecycle of security vulnerability reports and patches through coordinated disclosure and timely communication.

This skill provides a structured framework for handling security vulnerabilities within a project, ensuring that critical risks are addressed systematically. It guides the user through acknowledging reports within strict SLAs, assessing severity, developing private fixes, and managing coordinated disclosures. By automating the documentation and communication steps of the incident response process, it helps maintain project integrity and user trust while adhering to industry-standard security practices.

주요 기능

01Private fix development and testing guidance

02Automated severity assessment and documentation

03Coordinated vulnerability disclosure management

040 GitHub stars

05Security advisory and communication generation

06SLA-driven response and patching workflows

사용 사례

01Remediating critical vulnerabilities flagged by automated tools like Dependabot

02Responding to external security vulnerability reports via email or advisories

03Coordinating public disclosure timelines with security researchers and stakeholders

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add fountain-coach/midi2 security-incident-response

For use in Claude.ai and ChatGPT

Download Skill