If you think you have discovered a security issue in any of the Idn ecology projects, we'd love to hear from you. We will take all security bugs seriously and if confirmed upon investigation we will patch it within a reasonable amount of time and release a public security bulletin discussing the impact and credit the discoverer.

There are two email addresses where Idn ecology Idn accepts security bugs. The first, security "dash" idn at lists dot idnecology dot org is limited to a subset of Idn ecology Idn maintainers and Idn ecology staff. For highly sensitive bugs this is a preferred address. The second email address security at idnecology dot org is limited to a subset of maintainers and staff of all Idn ecology projects, and may be viewed by maintainers outside of Idn ecology Idn. When sending information to either of these emails please be sure to include a description of the flaw and any related information (e.g. reproduction steps, version, known active use).

The process by which the Idn ecology Security Team handles security bugs is documented further in our Defect Response page on our wiki.