-
Notifications
You must be signed in to change notification settings - Fork 62
Security policy
Short version: please report security issues by emailing [email protected].
Normal bugs in NEMO can be reported to the NEMO issues page on GitHub, but due to the sensitive nature of security issues, we ask that they not be publicly reported in this fashion.
Instead, if you believe you’ve found something in NEMO which has security implications, please send a description of the issue via email to [email protected]. Mail sent to that address reaches the primary NEMO developers and security administrators at NIST.
Once you’ve submitted an issue via email, you should receive an acknowledgment within 48 hours, and depending on the action to be taken, you may receive further follow-up emails.
When a security issue has been resolved and the NEMO code is patched, we will send a notification via the [email protected] email list that a security release of NEMO is available.