What is the recommended response time for security reports?

Following industry best practices, this skill helps you acknowledge security reports within a 24-hour window to maintain professional standards.

How does this skill handle Dependabot alerts?

The skill provides a step-by-step workflow to validate, assess, and develop patches for vulnerabilities flagged by Dependabot, ensuring critical fixes are prioritized.

Does this skill help with public security advisories?

Yes, it guides the creation of security advisories and coordinates the timing of public announcements to ensure users are protected before a flaw is disclosed.

Can I use this for any type of software project?

Absolutely. While the logic is hosted in the midi2 repository, the security incident response patterns are universal and applicable to any codebase.

Security Incident Response

Name: Security Incident Response
Author: Fountain-Coach

byFountain-Coach

Security & Testing

Manages the end-to-end lifecycle of security vulnerability reports and patches through coordinated disclosure and timely communication.

About

This skill provides a structured framework for handling security vulnerabilities within a project, ensuring that critical risks are addressed systematically. It guides the user through acknowledging reports within strict SLAs, assessing severity, developing private fixes, and managing coordinated disclosures. By automating the documentation and communication steps of the incident response process, it helps maintain project integrity and user trust while adhering to industry-standard security practices.

Key Features

Private fix development and testing guidance
Automated severity assessment and documentation
Coordinated vulnerability disclosure management
0 GitHub stars
Security advisory and communication generation
SLA-driven response and patching workflows

Use Cases

Remediating critical vulnerabilities flagged by automated tools like Dependabot
Responding to external security vulnerability reports via email or advisories
Coordinating public disclosure timelines with security researchers and stakeholders

About

Key Features

Private fix development and testing guidance
Automated severity assessment and documentation
Coordinated vulnerability disclosure management
0 GitHub stars
Security advisory and communication generation
SLA-driven response and patching workflows

Use Cases

Remediating critical vulnerabilities flagged by automated tools like Dependabot
Responding to external security vulnerability reports via email or advisories
Coordinating public disclosure timelines with security researchers and stakeholders