# Security Policy

The Falco Project and its community take security bugs seriously.

We appreciate your efforts to disclose your findings responsibly and will make every effort to acknowledge your contributions.

## Supported versions

Security updates will typically only be applied to the latest release (at least until Falco reaches the first stable major version).

## Reporting a vulnerability

To report a security issue, email [cncf-falco-maintainers@lists.cncf.io](mailto:cncf-falco-maintainers@lists.cncf.io?subject=SECURITY)
and include the word "SECURITY" in the subject line.

[Maintainers](https://github.com/falcosecurity/evolution/blob/main/MAINTAINERS.md) will send a response indicating the next steps in handling your report.
After the initial reply to your report, we will keep you informed of the progress towards a fix and full announcement
and may ask for additional information or guidance.

Note also that we can use [GitHub Security Advisories](https://help.github.com/en/github/managing-security-vulnerabilities/about-github-security-advisories)
to disclose, fix, and publish information about the vulnerability you responsibly reported to us.

You can find Falco security advisories published [here](https://github.com/falcosecurity/falco/security/advisories?state=published).