Security Policy

I take security reports seriously and will give them prompt attention. Security issues should be reported privately to casey@outskirtslabs.com, please use the string OSS-SEC somewhere in the subject line. You may encrypt emails with my public PGP key. Please do not file public issues for security vulnerabilities.

Remediation of security vulnerabilities for maturing and stable projects is prioritized. I endeavor to coordinate remediation with third-party stakeholders and am committed to transparency in the disclosure process.

Security issues are announced via Release notes and Security Advisories on the affected project’s repository, as well as at docs.outskirtslabs.com on a best-effort basis.