Authors: Choetkiertikul M.; Kancharoendee S.; Jongyingyos C.; Phichitphanphong T.; Ragkhitwetsagul C.; Reid B.; Kula R.G.; Sunetnanta T.
Affiliation: Mahidol University
Record dates: 2026-02-15; 2026-02-15; 2026-05-01
Journal: Empirical Software Engineering Vol.31 No.3 (2026)
ISSN: 1382-3256
Repository URI: https://repository.li.mahidol.ac.th/handle/123456789/115060

Abstract: With security in open-source software development increasingly becoming crucial, security policies are one way to manage vulnerabilities and guide users toward safe practices. To support secure development, platforms like GitHub provide a dedicated section for security policies within repositories. Existing studies focus on the adoption of security policies; however, the detailed content of those policies has not been examined. Our study aims to fill this gap by analyzing the security policies of 679 PyPI Python libraries hosted on GitHub. We examine the characteristics and content of existing policies and investigate their relationship with project characteristics and recommended security practices by comparing security practice assessments between projects with and without an established security policy. The results indicate that projects with a SECURITY.md show stronger recommended security practices. This study highlights the importance of adopting a clear and comprehensive security policy to enhance the overall security practices of open-source projects.

Subject: Computer Science
Title: Security by documentation? characterizing GitHub SECURITY.md policy and their adoption in Python libraries
Type: Article
Indexed in: SCOPUS
DOI: 10.1007/s10664-025-10794-z
Scopus ID: 2-s2.0-105029557787
Other identifier: 15737616