# Security policy ## Reporting a vulnerability s3audit is an open source project maintained by The Scale Factory. Visit https://www.scalefactory.com/contact-us/ to find contact details for The Scale Factory, including a PGP public key. You should use GitHub to report issues that are not security vulnerabilities, or to request new features. If you discover a vulnerability that could affect information security for someone who runs this tool, please contact The Scale Factory first. We ask that you don't make your vulnerability public until either 90 days since you reported it privately, or you have heard back from the maintainers that a public announcement is OK.