# Security Policy

## Report a Security Issue

I take security reports seriously and will give them prompt attention.
Security issues should be reported privately to `casey@outskirtslabs.com`, please use the string `OSS-SEC` somewhere in the subject line.
You may encrypt emails with [my public PGP key](https://casey.link/pgp.asc).
_Please_ do not file public issues for security vulnerabilities.

## Security Advisories

Remediation of security vulnerabilities for [maturing](open-source-vital-signs.adoc#maturing) and [stable](open-source-vital-signs.adoc#stable) projects is prioritized.
I endeavor to coordinate remediation with third-party stakeholders and am committed to transparency in the disclosure process.

Security issues are announced via Release notes and Security Advisories on the affected project’s repository, as well as at [docs.outskirtslabs.com](https://docs.outskirtslabs.com) on a best-effort basis.