The OASF-SDK project team welcomes security reports and is committed to providing prompt attention to security issues. Security issues should be reported privately via security@agntcy.org. Security issues should not be reported via the public GitHub Issue tracker.
Remediation of security vulnerabilities is prioritized by the project team. The project team coordinates remediation with third-party project stakeholders via GitHub Security Advisories. Third-party stakeholders may include the reporter of the issue, affected direct or indirect users of OASF-SDK, and maintainers of upstream dependencies if applicable.
Downstream project maintainers and OASF-SDK users can request participation in coordination of applicable security issues by sending your contact email address, GitHub username(s) and any other salient information to security@agntcy.org. Participation in security issue coordination processes is at the discretion of the OASF-SDK team.
The project team is committed to transparency in the security issue disclosure process. The OASF-SDK team announces security issues via project GitHub Release notes.