[codex] make security triage visible

README.md

@@ -12,7 +12,7 @@
 
 Original Contributors: Hang Yin, Kevin Wang, Andrew Miller
 
-[Documentation](https://docs.phala.com/dstack) · [Examples](https://github.com/Dstack-TEE/dstack-examples) · [Community](https://t.me/+UO4bS4jflr45YmUx)
+[Documentation](https://docs.phala.com/dstack) · [Security](./SECURITY.md) · [Examples](https://github.com/Dstack-TEE/dstack-examples) · [Community](https://t.me/+UO4bS4jflr45YmUx)
 
 </div>
 
@@ -89,6 +89,19 @@ Your container runs inside a Confidential VM, such as Intel TDX or AMD SEV-SNP,
 
 [Full security model →](./docs/security/security-model.md)
 
+## Security and Trust
+
+Security docs are linked here so deployers and reviewers can quickly find the trust model, production guidance, audit, and the status of already-answered public findings.
+
+- [Security Overview](./docs/security/) - entry point for users, operators, researchers, and AI agents
+- [Security Model](./docs/security/security-model.md) - threat model, trust boundaries, and verification checklist
+- [Public Security Reports](./docs/security/public-security-reports.md) - public status for security reports and related hardening work
+- [Security Best Practices](./docs/security/security-best-practices.md) - production settings and hardening guidance
+- [Security Audit](./docs/security/dstack-audit.pdf) - third-party audit by zkSecurity
+- [Report a Vulnerability](./SECURITY.md) - use GitHub's private security reporting path
+
+Please do not disclose exploitable vulnerabilities in public GitHub issues. Use the private reporting path in [SECURITY.md](./SECURITY.md).
+
 ## SDKs
 
 Apps communicate with the guest agent via HTTP over `/var/run/dstack.sock`. Use the [HTTP API](./sdk/curl/api.md) directly with curl, or use a language SDK:
@@ -121,14 +134,6 @@ Apps communicate with the guest agent via HTTP over `/var/run/dstack.sock`. Use
 - [Design Decisions](./docs/design-and-hardening-decisions.md) - Architecture rationale
 - [FAQ](./docs/faq.md) - Frequently asked questions
 
-## Security
-
-- [Security Overview](./docs/security/) - Security documentation and responsible disclosure
-- [Security Model](./docs/security/security-model.md) - Threat model and trust boundaries
-- [Security Best Practices](./docs/security/security-best-practices.md) - Production hardening
-- [Security Audit](./docs/security/dstack-audit.pdf) - Third-party audit by zkSecurity
-- [CVM Boundaries](./docs/security/cvm-boundaries.md) - Information exchange and isolation
-
 ## FAQ
 
 <details>
@@ -180,7 +185,7 @@ Yes. dstack runs on supported TEE-capable servers, including Intel TDX-capable h
 
 - **GCP**: Intel TDX (Confidential VMs)
 - **AWS**: Nitro Enclaves (NSM attestation)
-- **Bare metal**: Intel TDX (4th/5th Gen Xeon) and AMD SEV-SNP on supported dstack OS images
+- **Bare metal**: Intel TDX (4th/5th Gen Xeon) and AMD SEV-SNP on supported dstack OS images. Intel TDX is the production path; AMD SEV-SNP is new and experimental.
 - **GPUs**: NVIDIA Confidential Computing (H100, Blackwell)
 
 </details>
@@ -227,5 +232,3 @@ Logo and branding assets: [dstack-logo-kit](./docs/assets/dstack-logo-kit/)
 ## License
 
 Apache 2.0
-</content>
-</invoke>

SECURITY.md

@@ -0,0 +1,21 @@
+# Security
+
+Use this file for vulnerability reports. For the security model, production guidance, audit, and already-answered public findings, start with [Security Documentation](./docs/security/).
+
+## Report a vulnerability
+
+If you believe you found a vulnerability, please use [GitHub's private security reporting features](https://docs.github.com/en/code-security/how-tos/report-and-fix-vulnerabilities/report-privately) for this repository. If GitHub private reporting is unavailable, contact security@phala.network.
+
+Do not open public GitHub issues for exploitable vulnerabilities or details that could help exploit production deployments.
+
+Use private reporting for issues that could expose secrets, bypass attestation or authorization, compromise KMS keys, weaken workload isolation, or enable unauthorized code or configuration changes in production deployments.
+
+## Public security questions
+
+Use public issues only for questions about documented behavior, documentation gaps, already-public findings, or hardening ideas that do not include an exploit path.
+
+Before opening a public security question, check [Public Security Reports](./docs/security/public-security-reports.md). It records public report status and related hardening or roadmap work.
+
+## Production trust boundary
+
+Development settings are not production-safe merely because they are present in the codebase. Production deployments must rely on measured configuration, expected TEE measurements, authorization policy, and attestation verification. The [Security Model](./docs/security/security-model.md#development-modes-are-auditable-not-production-safe) is the source of truth for what dstack treats as a production guarantee.

docs/security/README.md

@@ -1,17 +1,15 @@
 # Security Documentation
 
-dstack security resources for auditors, researchers, and operators.
+Use these resources to understand dstack's trust model, production requirements, audit history, and public security report status.
 
-## Audit
+## Resources
 
-dstack has been audited by zkSecurity. See the [full audit report](./dstack-audit.pdf).
+- [Security Model](./security-model.md) - threat model, trust boundaries, and verifier checklist
+- [Security Best Practices](./security-best-practices.md) - production hardening for KMS, gateway, and VMM deployments
+- [Security Audit](./dstack-audit.pdf) - zkSecurity audit report
+- [Public Security Reports](./public-security-reports.md) - status of already-public reports and findings
+- [CVM Boundaries](./cvm-boundaries.md) - data exchanged across the CVM, host, KMS, and gateway
 
-## Documentation
+## Report a Vulnerability
 
-- [Security Model](./security-model.md) - Threat model, trust boundaries, and verification checklist
-- [Security Best Practices](./security-best-practices.md) - Production hardening guide
-- [CVM Boundaries](./cvm-boundaries.md) - Information exchange and isolation details
-
-## Responsible Disclosure
-
-To report a security vulnerability, email security@phala.network. We will respond within 48 hours.
+Do not disclose exploitable vulnerabilities in public GitHub issues. Use the private reporting path in [SECURITY.md](../../SECURITY.md). If GitHub private reporting is unavailable, contact security@phala.network.