# Security Policy
## Reporting a Vulnerability
If you discover a security vulnerability in this project, please report it to us as soon as possible. We appreciate your efforts to disclose findings responsibly.
To report a vulnerability, please email securty@cyberhaven.com and include the following information:
- Description of the vulnerability
- Steps to reproduce the issue
- Possible impact of the vulnerability
- Any potential mitigations you have identified
## Response Process
We do not operate a bug bounty program, but we value your contribution. We are committed to meeting the following targets:
- Initial response within 48 hours
- Confirmation of the issue within 7 days
- Resolution will vary depending on the severity and complexity of the issue
## Disclosure Policy
1. Once a security report is received, we will validate the issue
2. We will prepare fixes for all supported versions
3. We will notify the reporter when we are ready to publish the fix
4. We will release the fix and publicly disclose the issue, with credit given to the reporter
## Scope
This policy applies to the latest version of the main branch.
Thank you for helping to keep our project and users secure!
