Security: erlef/security-wg
SECURITY.md
We take the security of this software seriously and are committed to ensuring that any vulnerabilities are addressed promptly and effectively.
This repository follows the OpenSSF Vulnerability Disclosure guide. You can learn more about it in the Finders Guide.
If you believe you have found a security vulnerability in this repository, please report it via GitHub Security Vulnerability Reporting at github.com/erlef/<project>/security/advisories/new or via email to security@erlef.org if that is more suitable for you.
Please do not report vulnerabilities through public channels such as GitHub issues, discussions, or pull requests, to avoid exposing the details of the issue before it has been properly addressed.
We don't implement a bug bounty program or bounty rewards, but will work with you to ensure that your findings get the appropriate handling.
When reporting a vulnerability, please include as much detail as possible to help us triage and resolve the issue efficiently. Information that will be especially helpful includes:
- The type of issue (e.g., buffer overflow, SQL injection, cross-site scripting, etc.)
- Full paths of source file(s) related to the issue
- The location of the affected source code (e.g., tag, branch, commit, or direct URL)
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if available)
- The potential impact, including how the issue might be exploited by an attacker
Our vulnerability management team will respond within 3 working days of your report. If the issue is confirmed as a vulnerability, we will open a Security Advisory. This project follows a 90-day disclosure timeline.
If you have any questions about reporting security issues, please contact our vulnerability management team at security@erlef.org.