This document describes how security vulnerabilities in this project should be reported.

To report a security problem with nss-rs, create a bug in Mozilla's Bugzilla instance in the Core :: Networking component.

IMPORTANT: For security issues, please make sure that you check the box labelled "Many users could be harmed by this security problem". We advise that you check this option for anything that involves anything security-relevant, including memory safety, crashes, race conditions, and handling of confidential information.

Review Mozilla's guides on bug reporting before you open a bug.

Mozilla operates a bug bounty program, for which this project is eligible.