Francesco Giacomini updated the SECURITY.md documentation for the indigo-iam/iam repository, focusing on clarifying the definition of security vulnerabilities and formalizing the reporting process. Using Markdown and leveraging his skills in documentation and security policy, he introduced two preferred reporting paths for vulnerability disclosures, addressing both internal and external stakeholders. The update also standardized the release policy by specifying that bug fixes and new features are generally applied to the latest release, which improves predictability and deployment cadence. This work enhanced cross-team communication, reduced triage time, and aligned external vulnerability reporting with internal release governance, demonstrating thorough attention to process clarity.