If you have identified a security vulnerability in system or product please email example@hello.com with your findings. We strongly recommend using our PGP key to prevent this information from falling into the wrong hands.

Upon receipt of a security report the following steps will be taken:

• Acknowledge your report within 48 hours, and provide a further more detailed update within 48 hours.
• Confirm the problem and determine the affected versions
• Keep you informed of the progress towards resolving the problem and notify you when the vulnerability has been fixed.
• Audit code to find any potential similar problems.
• Prepare fixes for all releases still under maintenance. These fixes will be released as fast as possible.
• Handle your report with strict confidentiality, and not pass on your personal details to third parties without your permission.

Whilst the issue is under investigation

• Do provide as much information as possible.
• Do not exploit of the vulnerability or problem you have discovered.
• Do not reveal the problem to others until it has been resolved.