Security Team

This document outlines the security team structure and responsibilities for the Throttle project.

Security Team Members

Role	Name	GitHub	Email	Responsibilities
Security Lead	Sambhrant Maurya	@sdeonvacation	maurya.sam@hotmail.com	Overall security strategy, vulnerability coordination, security policy
Developer	[Contributors welcome]	-	-	Code security reviews, security testing

The security team is responsible for:

Vulnerability Management
- Monitoring and responding to security reports
- Coordinating disclosure and patches for security vulnerabilities
- Maintaining the security advisory process
Security Reviews
- Reviewing pull requests for security implications
- Conducting periodic security audits of the codebase
- Ensuring security best practices are followed
Security Tooling
- Maintaining security scanning tools (CodeQL, FindSecBugs, OWASP Dependency Check)
- Reviewing and acting on security scan results
- Keeping security tools and configurations up to date
Security Documentation
- Maintaining SECURITY.md policy
- Documenting security architecture and threat models
- Providing security guidance for contributors
Incident Response
- Responding to security incidents
- Coordinating with stakeholders during security events
- Post-incident analysis and improvements

Contributors interested in joining the security team should:

For security-related questions or to report vulnerabilities, see SECURITY.md.

For security team coordination and non-urgent security matters, contact:

Primary: maurya.sam@hotmail.com
GitHub Issues: Use the security label for public security discussions (non-vulnerabilities only)

The security team operates under the following principles:

Transparency: Security processes and decisions are documented and open
Responsiveness: Security reports receive timely acknowledgment and resolution
Continuous Improvement: Regular review and enhancement of security practices
Community Collaboration: Working with the broader security community

Last updated: 2026-03-18