# Security Policies and Procedures

This document outlines security procedures and general policies for the `libmysofa` project.

  * [Reporting a Bug](#reporting-a-bug)
  * [Disclosure Policy](#disclosure-policy)
  * [Comments on this Policy](#comments-on-this-policy)

## Reporting a Bug

The `libmysofa` team and community take all security bugs in `libmysofa` seriously. Thank you for improving the security of `libmysofa`. We appreciate your efforts and responsible disclosure and will make every effort to acknowledge your contributions.

Report security bugs by emailing the lead maintainer at christian.hoene@symonics.com.

The lead maintainer will acknowledge your email within 4 days and will send a more detailed response within 4 days indicating the next steps in handling your report. After the initial reply to your report, the security team will endeavor to keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.

Report security bugs in third-party modules to the person or team maintaining the module.

## Disclosure Policy

When the security team receives a security bug report, they will assign it to a primary handler. This person will coordinate the fix and release process, involving the following steps:

  * Confirm the problem and determine whether it affects the main branch.
  * Audit code to find any potential similar problems.
  * Prepare a fix for the main branch. This fix will be released as fast as possible to github.

## Comments on this Policy

If you have suggestions on how this process could be improved please submit a pull request.