# Security Guidelines ## How security is managed on this project The foomo team and community take security seriously and wants to ensure that we maintain a secure environment and provide secure solutions for the open source community. To help us achieve these goals, please note the following before using this software: - Review the software license to understand the contributor's obligations in terms of warranties and suitability for purpose - For any questions or concerns about security, you can [create an issue][new-issue] or [report a vulnerability][new-sec-issue] - We request that you work with our security team and opt for responsible disclosure using the guidelines below - All security related issues and pull requests you make should be tagged with "security" for easy identification - Please monitor this repository and update your environment in a timely manner as we release patches and updates ## Responsibly Disclosing Security Bugs If you find a security bug in this repository, please work with contributors following responsible disclosure principles and these guidelines: - Do not submit a normal issue or pull request in our public repository, instead [report it directly][new-sec-issue]. - We will review your submission and may follow up for additional details - If you have a patch, we will review it and approve it privately; once approved for release you can submit it as a pull request publicly in the repository (we give credit where credit is due) - We will keep you informed during our investigation, feel free to check in for a status update - We will release the fix and publicly disclose the issue as soon as possible, but want to ensure we due properly due diligence before releasing - Please do not publicly blog or post about the security issue until after we have updated the public repo so that other downstream users have an opportunity to patch ## Contact / Misc If you have any questions, please reach out directly by [creating an issue][new-issue]. [new-issue]: https://github.com/foomo/squadron/issues/new/choose [new-sec-issue]: https://github.com/foomo/squadron/security/advisories/new