This document outlines security procedures for the open-source projects of the L4Re Operating System Framework as found on https://github.com/kernkonzept.

Security is very important to us and we take all security vulnerabilities seriously. Thank you for improving the security of our open source software. If you have discovered a security issue, we appreciate your efforts and your responsible disclosure.

Please report a security vulnerability by sending an encrypted email to our security team using our public key to security@kernkonzept.com. The fingerprint of our public key is

C4DC 2909 A22E D080 C012  5373 4055 CBA2 A4FD 855B

Please include the following in your report:

• A description of the vulnerability
• Steps to reproduce the vulnerability

A member of Kernkonzept's security team will confirm the vulnerability, determine its impact, and develop a fix. The fix will be applied to the master branch, tested, and released.