SECURITY.md - external/github.com/docker/cli - Git at Google

 # Security Policy

 The maintainers of the Docker CLI take security seriously. If you discover
 a security issue, please bring it to their attention right away!

 ## Reporting a Vulnerability

 Please **DO NOT** file a public issue, instead send your report privately
 to [security@docker.com](mailto:security@docker.com).

 Reporter(s) can expect a response within 72 hours, acknowledging the issue was
 received.

 ## Review Process

 After receiving the report, an initial triage and technical analysis is
 performed to confirm the report and determine its scope. We may request
 additional information in this stage of the process.

 Once a reviewer has confirmed the relevance of the report, a draft security
 advisory will be created on GitHub. The draft advisory will be used to discuss
 the issue with maintainers, the reporter(s), and where applicable, other
 affected parties under embargo.

 If the vulnerability is accepted, a timeline for developing a patch, public
 disclosure, and patch release will be determined. If there is an embargo period
 on public disclosure before the patch release, the reporter(s) are expected to
 participate in the discussion of the timeline and abide by agreed upon dates
 for public disclosure.

 ## Accreditation

 Security reports are greatly appreciated and we will publicly thank you,
 although we will keep your name confidential if you request it. We also like to
 send gifts - if you're into swag, make sure to let us know. We do not currently
 offer a paid security bounty program at this time.

 ## Supported Versions

 This project uses long-lived branches to maintain releases, and follows
 the maintenance cycle of the Moby project.
 Refer to [BRANCHES-AND-TAGS.md](https://github.com/moby/moby/blob/master/project/BRANCHES-AND-TAGS.md)
 in the default branch of the moby repository to learn about the current
 maintenance status of each branch.
	# Security Policy

	The maintainers of the Docker CLI take security seriously. If you discover
	a security issue, please bring it to their attention right away!

	## Reporting a Vulnerability

	Please DO NOT file a public issue, instead send your report privately
	to [security@docker.com](mailto:security@docker.com).

	Reporter(s) can expect a response within 72 hours, acknowledging the issue was
	received.

	## Review Process

	After receiving the report, an initial triage and technical analysis is
	performed to confirm the report and determine its scope. We may request
	additional information in this stage of the process.

	Once a reviewer has confirmed the relevance of the report, a draft security
	advisory will be created on GitHub. The draft advisory will be used to discuss
	the issue with maintainers, the reporter(s), and where applicable, other
	affected parties under embargo.

	If the vulnerability is accepted, a timeline for developing a patch, public
	disclosure, and patch release will be determined. If there is an embargo period
	on public disclosure before the patch release, the reporter(s) are expected to
	participate in the discussion of the timeline and abide by agreed upon dates
	for public disclosure.

	## Accreditation

	Security reports are greatly appreciated and we will publicly thank you,
	although we will keep your name confidential if you request it. We also like to
	send gifts - if you're into swag, make sure to let us know. We do not currently
	offer a paid security bounty program at this time.

	## Supported Versions

	This project uses long-lived branches to maintain releases, and follows
	the maintenance cycle of the Moby project.
	Refer to [BRANCHES-AND-TAGS.md](https://github.com/moby/moby/blob/master/project/BRANCHES-AND-TAGS.md)
	in the default branch of the moby repository to learn about the current
	maintenance status of each branch.