# Security Policy

Python [provides a security policy and threat model](https://devguide.python.org/security/policy/)
in the Python Developer's Guide documenting what bugs are vulnerabilities,
how to structure reports, and what versions of Python accept reports.

Python Security Response Team (PSRT) members
balance security work against many other responsibilities. Please be thoughtful
about the time and attention your report requires. Repeated failure to respect
the security policy will result in future reports being rejected, or the
reporter being banned from the ``python`` GitHub organization, regardless of
technical merit.

## Reporting a Vulnerability

The [Python security policy](https://devguide.python.org/security/policy/)
documents [how to submit a vulnerability report](https://devguide.python.org/security/policy/#how-to-submit-a-vulnerability-report)
using GitHub Security Advisories. Please read the security policy
prior to filing a vulnerability report, especially the section on [what information to
include and exclude](https://devguide.python.org/security/policy/#what-to-include-and-how-to-structure-a-vulnerability-report)
in vulnerability reports. Following the security policy means the PSRT can
quickly and efficiently triage your report; not following the security policy
will only delay triaging your report.
