Security Policy

Security threats and vulnerabilities affect everyone using R-multiverse. Issues may include (but are not limited to):

• Unauthorized access to https://github.com/r-multiverse or its repositories.
• Malicious attempts to inundate https://github.com/r-multiverse/contributions/pulls with pull requests.
• Other denial of service (DoS) attacks on the R-multiverse bot or other infrastructure.

Please help keep R-multiverse operational. In the event of publicly visible malicious behavior, such as a DoS attack on https://github.com/r-multiverse/contributions/pulls, please:

1. Report abuse or spam through GitHub.
2. Open an issue at https://github.com/r-multiverse/help to inform R-multiverse administrators.

If you notice a vulnerability that an attacker could potentially exploit, please report it privately. Confidentiality helps fix the problem before most attackers even know about it. After remediation, R-multiverse administrators will open an issue at https://github.com/r-multiverse/help to inform community about the vulnerability and its resolution.

The steps to privately report vulnerabilities are:

1. Navigate to https://github.com/r-multiverse/help/security.
2. Under “Private vulnerability reporting”, click “Report a vulnerability”.
3. Describe the issue in the advisory details form.
4. At the bottom, click “Submit report”. GitHub will then add you as a collaborator on the proposed security advisory you created.