# Security Policy
### Where to Report
**Most security issues** should be reported directly on our [issue tracker](https://github.com/coder/httpjail/issues). Given the early stage of this tool, we encourage clear and public disclosure to help the community stay informed and protected.
**Particularly sensitive issues** (e.g. those that could lead to arbitrary code execution on the host) should be reported privately to: `security@coder.com`
### Disclosure Preference
Due to the tool's current maturity level, we prefer:
- **Early disclosure** - Report issues as soon as they're discovered
- **Clear communication** - Provide detailed reproduction steps and impact assessment
- **Public transparency** - Use the issue tracker for most reports
As the project matures, we will implement more formal security disclosure processes, including coordinated disclosure timelines and security advisories.