Skip to content

Latest commit

 

History

History
35 lines (27 loc) · 1.35 KB

SECURITY.md

File metadata and controls

35 lines (27 loc) · 1.35 KB

Security policy

It's important to us that the Carbon Language provides a secure implementation. Thank you for taking the time to report vulnerabilities.

The Carbon Language is still an experimental project, so please be careful if using it in security-sensitive environments.

Reporting a vulnerability

Please use https://github.com/carbon-language/carbon-lang/security/advisories/new to report security vulnerabilities.

We use GitHub's vulnerability reporting for intake. We will respond to reports within two weeks. For valid issues we will coordinate and disclose on GitHub.

If you haven't received a response, a couple steps to take are (in order):

  1. Contact individuals directly:
  2. Reach out on #infra on Discord (invite)
    • This is a public forum, so say you're asking for a security contact rather than talking about the security issue directly.