# 🔒 Security Policy
It's critical that if a Cord vulnerability exists, impact is minimized.
## 🛂 Reporting a Vulnerability
**Please refrain from reporting security vulnerabilities through public channels such as Github issues or discussions.**
If you believe you've found a vulnerability, we'd appreciate if you responsibly disclose it by emailing [root@backbone.dev](mailto:root@backbone.dev). Try to be as explicit and detail-oriented as possible when describing how to reproduce the issue.
Providing code snippets, error messages, screenshots and other auxiliary information will go a long way in helping us prepare a fix.
## 📢 Public Disclosure
We hold ourselves to a strict 30-day public disclosure policy for non-critical vulnerabilities and a 60-day policy for critical vulnerabilities to ensure sufficient uptake of a patch prior to disclosure.
With your permission, we're happy to support you by co-authoring or disseminating blog posts and other technical material to educate and notify Cord users.