|
| 1 | +# Reporting security issues |
| 2 | + |
| 3 | +The OpenFermion developers and community take security bugs in OpenFermion |
| 4 | +seriously. We appreciate your efforts to responsibly disclose your findings, |
| 5 | +and will make every effort to acknowledge your contributions. |
| 6 | + |
| 7 | +Please **do not** use GitHub issues to report security vulnerabilities; GitHub |
| 8 | +issues are public, and doing so could allow someone to exploit the information |
| 9 | +before the problem can be addressed. Instead, please use the GitHub ["Report a |
| 10 | +Vulnerability"](https://github.com/quantumlib/OpenFermion/security/advisories/new) |
| 11 | +interface from the _Security_ tab of the OpenFermion repository. |
| 12 | + |
| 13 | +Please report security issues in third-party modules to the person or team |
| 14 | +maintaining the module rather than the OpenFermion project stewards, unless you |
| 15 | +believe that some action needs to be taken with OpenFermion in order to guard |
| 16 | +against the effects of a security vulnerability in a third-party module. |
| 17 | + |
| 18 | +## Responses to security reports |
| 19 | + |
| 20 | +The project stewards at Google Quantum AI will send a response indicating the |
| 21 | +next steps in handling your report. After the initial reply to your report, the |
| 22 | +project stewards will keep you informed of the progress towards a fix and full |
| 23 | +announcement, and may ask for additional information or guidance. |
| 24 | + |
| 25 | +## Additional points of contact |
| 26 | + |
| 27 | +Please contact the project stewards at Google Quantum AI via email at |
| 28 | +quantum-oss-maintainers@google.com if you have questions or other concerns. If |
| 29 | +for any reason you are uncomfortable reaching out to the project stewards, |
| 30 | +please email opensource@google.com instead. |
0 commit comments