Worked on enhancing security governance for the worldcoin/iris-mpc repository by delivering a comprehensive update to the project’s Security Disclosure Policy. Focused on drafting and refining SECURITY.md documentation in Markdown, the work formalized vulnerability reporting channels and clarified procedures for coordinated disclosure, including integration with the HackerOne bug bounty program and encrypted email options. This update provided clear guidance for reporting issues in both the core project and third-party libraries, reducing risk exposure and improving collaboration with external researchers. The effort demonstrated skills in security policy development, technical documentation, and cross-team coordination, with an emphasis on process clarity and risk mitigation.