| # Security Policy |
| |
| ## Reporting a Vulnerability |
| |
| `apache/brpc` follows the [Apache Software Foundation security process](https://www.apache.org/security/). Please report suspected |
| vulnerabilities privately to `security@apache.org`; do not open public |
| GitHub issues or pull requests for security reports. |
| |
| ## Threat Model |
| |
| What the project treats as in scope and out of scope, the security |
| properties it provides and disclaims, the adversary model, and how |
| findings are triaged are documented in [THREAT_MODEL.md](./THREAT_MODEL.md). |
