p5.js/SECURITY.md

Security Policy

Reporting a Vulnerability

Please report security vulnerabilities by emailing: responsible.disclosure@processingfoundation.org

What to Expect

• We will acknowledge your email within 72 hours
• We will provide regular updates about our progress
• Once the issue is confirmed and fixed, we may ask you to verify the solution

Disclosure Policy

• Please do not disclose the vulnerability publicly until we have had a chance to address it
• We do not offer bounties as we are a non-profit organization
• We appreciate your efforts to responsibly disclose your findings

Scope

You can use the above email to report vulnerabilities in p5.js and related repositories managed by the processing org, including the reference website.