This document outlines the security policy and procedures for reporting security vulnerabilities in SPIKE, along with the version support policy.

Only the most recent version of SPIKE is currently being supported with security updates.

Note that SPIKE consists of more than a single component, and during a release cut, all components are signed and tagged with the same version.

After SPIKE hits a major 1.0.0. version, this will change, and we will also have a support plan various major versions.

Send your vulnerability reports to [email protected].

We don't have an official turnover time, but if nobody gets back to you within a week please send another email.

We take all vulnerability reports seriously, and you will be notified if your report is accepted or declined, and what further actions we are going to take on it.