We're glad if you want to report a vulnerability!
If you wish to propose text to explain how to detect and prevent a kind of vulnerability that is already publicly known, please just file a normal issue and/or pull request. We don't consider that a "vulnerability report" in the sense that many people use the term.
In some cases we're the wrong place to report vulnerabilities to:
- If you wish to report a vulnerability on a specific project that isn't this project, please don't report that here. Instead, please report the vulnerability to that project.
- If you wish to report a general vulnerability in edX or the Linux Foundation Training & Certification platform, please report the vulnerability to them instead.
However, in some cases we do want you to report a vulnerability to us:
- If you wish to report a vulnerability in this specific course as supported by the Linux Foundation (via edX or the Linux Foundation Training & Certification platform).
- If you wish to propose text to explain how to detect and prevent a kind of vulnerability that has never been publicly announced or discussed anywhere.
If you want to report those kinds of vulnerabilities to us, please use the GitHub mechanism privately reporting a security vulnerability to this repository.