## Report a security issue
I welcome security reports and am committed to providing prompt attention to security issues. Security issues should be reported privately via [albin@sjoegren.se](mailto:albin@sjoegren.se). Security issues should not be reported via the public GitHub Issue tracker.
## Vulnerability coordination
Remediation of security vulnerabilities is a priority for me. I will coordinate remediation with third-party project stakeholders via [GitHub Security Advisories](https://help.github.com/en/github/managing-security-vulnerabilities/about-github-security-advisories). Third-party stakeholders may include the reporter of the issue, affected direct or indirect users of **chromata**, and maintainers of upstream dependencies if applicable.
Downstream project maintainers and **chromata** users can request participation in coordination of applicable security issues by sending your contact email address, GitHub username(s) and any other salient information to [albin@sjoegren.se](mailto:albin@sjoegren.se). Participation in security issue coordination processes is at the discretion of me.
## Security advisories
I am committed to transparency in the security issue disclosure process. I will announce security issues via [project GitHub Release notes](https://github.com/resonant-jovian/chromata/releases) and the [RustSec advisory database](https://github.com/RustSec/advisory-db) (i.e. `cargo-audit`).