1*c0d9a071SXin LI# Reporting and Fixing Security Issues 2*c0d9a071SXin LI 3*c0d9a071SXin LIPlease do not open GitHub issues or pull requests - this makes the problem immediately visible to everyone, including malicious actors. Security issues in this open source project can be safely reported via the Meta Bug Bounty program: 4*c0d9a071SXin LI 5*c0d9a071SXin LIhttps://www.facebook.com/whitehat 6*c0d9a071SXin LI 7*c0d9a071SXin LIMeta's security team will triage your report and determine whether or not is it eligible for a bounty under our program. 8*c0d9a071SXin LI 9*c0d9a071SXin LI# Receiving Vulnerability Notifications 10*c0d9a071SXin LI 11*c0d9a071SXin LIIn the case that a significant security vulnerability is reported to us or discovered by us---without being publicly known---we will, at our discretion, notify high-profile, high-exposure users of Zstandard ahead of our public disclosure of the issue and associated fix. 12*c0d9a071SXin LI 13*c0d9a071SXin LIIf you believe your project would benefit from inclusion in this list, please reach out to one of the maintainers. 14*c0d9a071SXin LI 15*c0d9a071SXin LI<!-- Note to maintainers: this list is kept [here](https://fburl.com/wiki/cgc1l62x). --> 16