This document outlines our security policy for the code base and product and how to report vulnerabilities.

This repository was created for use by the Centers for Disease Control and Prevention (CDC) which is part of the U.S Department of Health and Human Services (HHS). Vulnerability discloseure is governed by the HHS Vulnerability Disclosure Policy

If you think you have found a vulnerability or security-related issue, please report them to us directly.

Do not create GitHub issues for security issues. Please report any security related issues you find to us or ask us to reach out to you directly.

When informing us of security issues, please use a descriptive subject line for your report. In addition, please include the following information along with your report:

• Your name and affiliation (if any).
• A description of the technical details of the vulnerabilities. This will help us in reliably reproducing your finding(s).
• An explanation of who can exploit this vulnerability, and what they could gain when doing so (an attack scenario). This will help us evaluate your report quickly, especially if the issue is complex.
• Whether this vulnerability public or known to third parties. If it is, please provide details.

If you believe that an existing (public) issue is security-related, please send an email to us. Your report should include the issue ID (and/or link) and a short description of why it should be handled according to this security policy.