# Security and Vulnerability Reporting

Sensitive security-related questions, comments, and reports should be sent to
the [gvisor-security mailing list][gvisor-security-list]. You should receive a
prompt response, typically within 48 hours.

Policies for security list access, vulnerability embargo, and vulnerability
disclosure are outlined in the [community][community] repository.

[community]: https://gvisor.googlesource.com/community
[gvisor-security-list]: https://groups.google.com/forum/#!forum/gvisor-security