Security: HDFGroup/safe-ose-sig

Security

SECURITY.md

Security Policy

Reporting a Vulnerability

If you believe you have found a security or privacy issue affecting HDF5 or related ecosystem components, do not open a public GitHub issue.

Instead, please follow the main HDF5 project’s security policy (e.g., email the security contact or use the designated reporting channel).

If you are unsure where to report:

  • Contact the SSP SIG maintainers via the repository security contact (to be defined here once established), or
  • Contact HDFG through the official security email listed on the HDF5 project website.

Coordinated Disclosure

The SSP SIG encourages responsible, coordinated disclosure. In general:

  • The issue is privately reported to the appropriate maintainers.
  • A fix or mitigation is prepared and tested.
  • A coordinated advisory and release are prepared.
  • Public communication avoids leaking exploitable details before a fix is available.

Scope

This repository primarily contains governance and guidance documents. Security vulnerabilities in these documents are unlikely; however:

  • If you find sensitive or inappropriate content (e.g., secrets, private data, or overly detailed exploit instructions), please report it using the same channels.

There aren’t any published security advisories