# Security Policies and Procedures
This document outlines security procedures and general policies for the `libmysofa` project.
* [Reporting a Bug](#reporting-a-bug)
* [Disclosure Policy](#disclosure-policy)
* [Comments on this Policy](#comments-on-this-policy)
## Reporting a Bug
The `libmysofa` team and community take all security bugs in `libmysofa` seriously. Thank you for improving the security of `libmysofa`. We appreciate your efforts and responsible disclosure and will make every effort to acknowledge your contributions.
Report security bugs by emailing the lead maintainer at christian.hoene@symonics.com.
The lead maintainer will acknowledge your email within 4 days and will send a more detailed response within 4 days indicating the next steps in handling your report. After the initial reply to your report, the security team will endeavor to keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.
Report security bugs in third-party modules to the person or team maintaining the module.
## Disclosure Policy
When the security team receives a security bug report, they will assign it to a primary handler. This person will coordinate the fix and release process, involving the following steps:
* Confirm the problem and determine whether it affects the main branch.
* Audit code to find any potential similar problems.
* Prepare a fix for the main branch. This fix will be released to GitHub as fast as possible.
## Comments on this Policy
If you have suggestions on how this process could be improved, please submit a pull request.