AztecProtocol · saleel · Feb 5, 2026 · Feb 5, 2026 · Feb 5, 2026 · Copilot
@@ -0,0 +1,7 @@
+# CODEOWNERS for Aztec Staking Dashboard
+
+
+# Default owners for everything not matched by a more specific rule
+*                                             @AztecProtocol/sdb-review
+
+
@@ -18,6 +18,8 @@ If you find a bug, please open an issue with:
 4. **Environment details** (browser, OS, Node version)
 5. **Screenshots** if applicable
 
+If your report relates to a **security vulnerability or security-sensitive issue**, please **do not** open a public issue and instead follow the private disclosure process described in `SECURITY.md`.
+
 ### Suggesting Features
 
 For feature requests, open an issue with:

@@ -0,0 +1,35 @@
+## Security Policy
+
+We take the security of the Aztec Staking Dashboard seriously and strongly encourage researchers to report security vulnerabilities privately. Please use the guidelines below when reporting security issues.
+
+## Reporting Security Vulnerabilities
+
+- **Do not** open public GitHub issues or pull requests for suspected security vulnerabilities.
+
+Instead, please use the [Private Vulnerability Reporting](https://github.com/AztecProtocol/staking-dashboard/security/advisories/new) process on GitHub. 
-Instead, please use the [Private Vulnerability Reporting](https://github.com/AztecProtocol/staking-dashboard/security/advisories/new) process on GitHub. 
+Instead, please use the [Private Vulnerability Reporting](https://github.com/AztecProtocol/staking-dashboard/security/advisories/new) process on GitHub.
-Instead, please use the [Private Vulnerability Reporting](https://github.com/AztecProtocol/staking-dashboard/security/advisories/new) process on GitHub. 
+Instead, please use the [Private Vulnerability Reporting](https://github.com/AztecProtocol/staking-dashboard/security/advisories/new) process on GitHub.
+
+- Navigate to the "Security" tab of this repository.
+- Click "Report a vulnerability" on the left sidebar.
+- Fill out the form with the details of your discovery:
+    1. Description of the vulnerability and potential impact
+    2. Steps to reproduce (including logs, requests, or PoCs as appropriate)
+    3. Environment details (browser, OS, network assumptions)
+
+You can also email security@aztec.foundation
-You can also email security@aztec.foundation
+You can also email security@aztec.foundation.
-You can also email security@aztec.foundation
+You can also email security@aztec.foundation.
+
+We will:
+- Acknowledge receipt of your report as soon as reasonably possible
+- Investigate and validate the issue
+- Work on a fix and coordinate disclosure timing with you when appropriate
+
+If you believe a vulnerability is actively being exploited or has severe impact (e.g. loss of funds, key compromise, or broad user impact), please clearly mark the report as **CRITICAL** in the pvr/email subject.
+
+## Reporting Non‑Security Bugs and Feature Requests
-## Reporting Non‑Security Bugs and Feature Requests
+## Reporting Non-Security Bugs and Feature Requests
-## Reporting Non‑Security Bugs and Feature Requests
+## Reporting Non-Security Bugs and Feature Requests
+
+For issues that are **not** security-sensitive (UI glitches, performance problems, feature requests, etc.):
+
+- **Use GitHub Issues** to report bugs, following the guidance in `CONTRIBUTING.md`
+- **Use GitHub Issues or Discussions** to suggest new features or enhancements
+
+Keeping normal bugs and feature requests public helps the community track progress and collaborate on fixes, while keeping security issues private helps protect users until a fix is available.
+