If you'd like to report a security issue involving this or any other runZero open source project, please take a moment to email security@runzero.com and describe your findings.

We'd appreciate sufficient time to triage and validate your findings, and expect matters to be dealt with per runZero's standard Vulnerability Disclosure Policy (VDP).

That said, we often resolve issues within hours, not weeks.

• Give as much detail on reproduction steps as you can, including the commit hash against which you found your issue.
• If you're expecting to publish findings, please say so, with a date expressed in your preferred time zone.
• Should runZero publish an advisory, be clear on how you'd like to be credited.
  • Popular choices include real name, handle, company name, anonymous, or some combination therein

• Open a public issue on your security finding. Instead, email security@runzero.com.
• Ask for a bounty payment. runZero does not offer monetary bug bounties at this time.