# Security Policy

## Reporting a Vulnerability

If you think you've found a potential vulnerability in Imath, please
report it by emailing security@openexr.org. Only OpenEXR Technical
Steering Committee members and Academy Software Foundation project
management have access to these messages. Include detailed steps to
reproduce the issue, and any other information that could aid an
investigation. Our policy is to respond to vulernability reports
within 14 days.

Our policy is to address critical security vulnerabilities rapidly and
post patches as quickly as possible.