This organisation follows the OpenSSF Vulnerability Disclosure guide.
Reporting a Vulnerability
Please report vulnerabilities via GitHub Security Advisories. Each repository has its own security advisories page.
To report a vulnerability:
- Go to the affected repository on GitHub (e.g., beam-bots/bb)
- Click the Security tab
- Click Report a vulnerability
- Fill in the details and submit
You can also report organisation-wide issues via the .github repository security advisories.
AI Policy for Security Reports
Security and vulnerability reports are a special case. These issues must be reproduced, written, verified, and analysed by a human being. We cannot allow a machine-to-team pipeline for high-priority security-related issues.
For more details, see the Security & Vulnerability Reports section of our AI Policy.
Response Time
This is a solo-maintained project. I aim to respond within 7 days of your report. If the report is confirmed as a vulnerability, I will open a Security Advisory and follow a 90-day disclosure timeline.
CVE Assignment
For questions about CVE assignment in the Erlang ecosystem, contact the ERLEF vulnerability management team: [email protected]