Reporting a Vulnerability

If you have discovered a security vulnerability, please report it to us by using one of the following channels:

• by submitting the GitHub Security Advisory form for the respective GitHub project,

  • e.g. https://github.com/rnpgp/rnp/security/advisories/new

• or by emailing security.reports@ribose.com with the following details:

  • project name,

  • description of the issue,

  • steps taken to reproduce the issue,

  • affected versions,

  • mitigations for the issue, if known.

We believe in responsible disclosure and kindly ask to you to allow us a period of time to investigate and patch the vulnerability before you publish details.

Note	We may have to contact you via separate channels in order to verify the report.