Worked on the indigo-iam/iam repository to deliver a comprehensive update to the SECURITY.md documentation, focusing on security policy and vulnerability reporting. The update clarified the definition of vulnerabilities, outlined detailed reporting methods, and established a clear release policy. Two preferred reporting paths—internal and external—were introduced to streamline vulnerability disclosures and align external reporting with internal release governance. By specifying that bug fixes and new features are typically applied to the latest release, the documentation improved predictability for both external researchers and internal teams. The work was completed using Markdown and emphasized clear, actionable communication to enhance the project’s overall security posture.