Security Policy

Security threats and vulnerabilities affect everyone using R-multiverse. Issues may include (but are not limited to):

Please help keep R-multiverse operational. In the event of publicly visible malicious behavior, such as a DoS attack on https://github.com/r-multiverse/contributions/pulls, please:

  1. Report abuse or spam through GitHub.
  2. Open an issue at https://github.com/r-multiverse/help to inform R-multiverse administrators.

If you notice a vulnerability that an attacker could potentially exploit, please report it privately. Confidentiality helps fix the problem before most attackers even know about it. After remediation, R-multiverse administrators will open an issue at https://github.com/r-multiverse/help to inform community about the vulnerability and its resolution.

The steps to privately report vulnerabilities are:

  1. Navigate to https://github.com/r-multiverse/help/security.
  2. Under “Private vulnerability reporting”, click “Report a vulnerability”.
  3. Describe the issue in the advisory details form.
  4. At the bottom, click “Submit report”. GitHub will then add you as a collaborator on the proposed security advisory you created.