SECURITY.MD

If you have information about a security issue or vulnerability in O3DE, please send the vulnerability report via e-mail tosecurity@o3de.org.

NOTE: Please avoid creating GitHub issues, unless the vulnerability is already publicly disclosed, for example it has been reported in theNational Vulnerability Database.

The vulnerability report should include as much detail as possible, including:

• All relevant fields from the O3DE standardissue template.

• A detailed description of the vulnerability we can use to reproduce your findings.

• A definition of who can exploit this vulnerability and what they would gain.

• Information about any known exploits.

A member of theSIG-Security Issue Response Team will review your e-mail and contact you to collaborate on resolving the issue.

For more details, please refer to theSecurity Documentation for O3DE.

There aren’t any published security advisories