# Security Policy

## No Warranty

Per the terms of the BSD-2-Clause license, libcoap is offered "as is" and
without any guarantee or warranty pertaining to its operation. While every
reasonable effort is made by its maintainers to ensure the product remains
free of security vulnerabilities, users are ultimately responsible for
conducting their own evaluations of each software release.

## Reporting a Suspected Vulnerability

If you believe you've uncovered a security vulnerability and wish to report
it confidentially, you may do so via email. Please note that any reported
vulnerabilities **MUST** meet all the following conditions:

* Affects the most recent stable release of libcoap, or a current beta release
* Is reproducible following a prescribed set of instructions

Please note that we **DO NOT** accept reports generated by automated tooling
which merely suggest that a file or file(s) _may_ be vulnerable under certain
conditions, as these are most often innocuous.

If you believe that you've found a vulnerability which meets all of these
conditions, please email a brief description of the suspected bug and
instructions for reproduction to **libcoap-security@tzi.org**. Please do NOT
create a public GitHub issue.

### Bug Bounties

As libcoap is provided as free open source software, we do not offer any monetary
compensation for vulnerability or bug reports; however, your contributions are greatly
appreciated.