# Security & Escalation Process

## Why?

When escalating any issue within our team or, especially, when including third parties, we run the risk of wasting people's time & energy. Having a clear set of steps & checklists to follow ensures we only engage individuals & teams outside our immediate scope when necessary.

## What?

Documenting a set of decision trees/flows & checklists.

### Checklist

- [ ] Confirm it's a security problem
- [ ] Determine a fix
- [ ] Draft an advisory
- [ ] Review the advisory
- [ ] Publish the fix
- [ ] Publish the advisory

#### Decision Tree

```mermaid
graph TD;
    A[Is this issue valid?];
    A-- No -->C;
    A-- Yes --> B[Is it reproducible?];
    B-- Yes -->D;
    B-- No --> E;
```

### Actions

- [ ] Ask security for their own checklist