# Security Policy

## Reporting a vulnerability

If you want to report a security issue, please privately disclose the issue either via:
- The mnv-security mailing list: mnv-security@googlegroups.com  
  This is a private list, read only by the maintainers, but anybody can post.
- [GitHub Security Advisories](https://github.com/Project-Tick/Project-Tick/security/advisories/new)

**Please don't publicly disclose the issue until it has been addressed by us.**

## Guidelines for reporting
- Clearly explain **why** the behaviour is a security issue, not just that a bug exists.
- Keep reports concise and focused.
- Do not flood us with a list of issues. Report them one by one to ensure to not overwhelm us with the work load.
- Do **not** submit AI-generated reports without carefully reviewing them first. Low-quality or
  speculative reports waste maintainer time and will be closed without action, and repeat offenders **will be banned**.