# Security Policy## Reporting a VulnerabilityThe team takes security bugs seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.To report a security issue, email ccpprogrammers[at]gmail.com and include the word "SECURITY" in the subject line.The team will send a response indicating the next steps in handling your report. After the initial reply to your report you will be kept informed of the progress towards a fix and full announcement.Report security bugs in third-party modules to the person or team maintaining the module.## Disclosure PolicyWhen the security team receives a security bug report, they will assign it to aprimary handler. This person will coordinate the fix and release process,involving the following steps:  * Confirm the problem and determine the affected versions.  * Audit code to find any potential similar problems.  * Prepare fixes for all releases still under maintenance. These fixes will be    released as fast as possible to npm.## Comments on this PolicyIf you have suggestions on how this process could be improved please submit apull request.