2021-03-22 03:25:13 +08:00
# Security Policy
## Reporting a Vulnerability
2021-11-10 23:14:04 +08:00
If there are any vulnerabilities in ZeroUI, don't hesitate to _report them_ .
2021-03-22 03:25:13 +08:00
2021-11-10 23:13:01 +08:00
1. Use any of the [private contact addresses ](https://github.com/dec0dOS/zero-ui#support ).
2021-03-22 03:25:13 +08:00
2. Describe the vulnerability.
2021-11-10 23:14:04 +08:00
- If you have a fix, that is most welcome - please attach or summarize it in your message!
2021-03-22 03:25:13 +08:00
2021-11-10 23:13:01 +08:00
3. We will evaluate the vulnerability and, if necessary, release a fix or mitigating steps to address it. We will contact you to let you know the outcome, and will credit you in the report.
2021-03-22 03:25:13 +08:00
2021-11-10 23:13:01 +08:00
- Please **do not disclose the vulnerability publicly** until a fix is released!
2021-03-22 03:25:13 +08:00
2021-11-10 23:13:01 +08:00
4. Once we have either a) published a fix, or b) declined to address the vulnerability for whatever reason, you are free to publicly disclose it.
