| # PyYAML Security Policy | |
| ## Reporting a Suspected Vulnerability | |
| The PyYAML project encourages responsible disclosure of suspected security | |
| vulnerabilities. However, we do not offer bug bounties, paid disclosure, or | |
| paid fixes for discovered vulnerabilities. To report a suspected security | |
| vulnerability, please e-mail details to <security@pyyaml.org> without creating | |
| public issues, pull requests, or discussion. Non-security correspondence to | |
| this address will be ignored. |