| 1 | # Reporting and Fixing Security Issues |
| 2 | |
| 3 | Please do not open GitHub issues or pull requests - this makes the problem immediately visible to everyone, including malicious actors. Security issues in this open source project can be safely reported via the Meta Bug Bounty program: |
| 4 | |
| 5 | https://www.facebook.com/whitehat |
| 6 | |
| 7 | Meta's security team will triage your report and determine whether or not is it eligible for a bounty under our program. |
| 8 | |
| 9 | # Receiving Vulnerability Notifications |
| 10 | |
| 11 | In the case that a significant security vulnerability is reported to us or discovered by us---without being publicly known---we will, at our discretion, notify high-profile, high-exposure users of Zstandard ahead of our public disclosure of the issue and associated fix. |
| 12 | |
| 13 | If you believe your project would benefit from inclusion in this list, please reach out to one of the maintainers. |
| 14 | |
| 15 | <!-- Note to maintainers: this list is kept [here](https://fburl.com/wiki/cgc1l62x). --> |