# Security Policy

## Reporting a Vulnerability

If there are any vulnerability in **ZeroUI** project, don't hesitate to _report them_.

1. Use any of the [contact addresses](https://github.com/dec0dOS/zero-ui#support).
2. Describe the vulnerability.

- If you have a fix, explain or attach it.
- In the near time, expect a reply with the required steps. Also, there may be a demand for a pull request which include the fixes.

##### You should not disclose the vulnerability publicly if you haven't received an answer in some weeks.

##### If the vulnerability is rejected, you may post it publicly within some hour of rejection, unless the rejection is withdrawn within that time period.

##### After the vulnerability has been fixed, you may disclose the vulnerability details publicly over some days.