| # Security Policy | |
| For the assumptions, trust boundaries, scope, and what Apache StormCrawler considers a security | |
| vulnerability, see the **[Apache StormCrawler Security Model](https://stormcrawler.apache.org/security/)**. | |
| ## Reporting a Vulnerability | |
| Please report security vulnerabilities privately following the | |
| [ASF security process](https://www.apache.org/security/) — email | |
| [security@apache.org](mailto:security@apache.org). Do not open public GitHub issues for security reports. |