| # Security Policy | |
| ## Reporting a Vulnerability | |
| If there are any vulnerabilities in this project or in [the playground](https://labs.play-with-docker.com), don't hesitate to _report them_. | |
| 1. Write an email to marcosnils (at) gmail.com | |
| 2. Describe the vulnerability. | |
| If you have a fix, that is most welcome -- please attach or summarize it in your message! | |
| 3. We will evaluate the vulnerability and, if necessary, release a fix or mitigating steps to address it. We will contact you to let you know the outcome, and will credit you in the report. | |
| Please **do not disclose the vulnerability publicly** until a fix is released! | |
| 4. Once we have either a) published a fix, or b) declined to address the vulnerability for whatever reason, you are free to publicly disclose it. | |