
Security: mtconnect/MtconnectTranspiler

Security

SECURITY.md

Reporting a Vulnerability

The safety and security of the MtconnectTranspiler project and its users are paramount. We encourage the responsible reporting of any security vulnerabilities within the project to ensure they are addressed promptly and effectively.

How to Report a Vulnerability

  1. Primary Reporting Channel: Please report potential security vulnerabilities through the MTConnect Institute's project site at projects.mtconnect.org. This centralized reporting mechanism ensures direct access to the standards committees tasked with addressing these concerns.

  2. Secondary Reporting Channel: If you are unable to use the primary reporting channel, please email your report to [email protected]. Include as much detail as possible about the vulnerability, including how it might be exploited.

What You Can Expect After Reporting

Upon receiving a report of a security vulnerability, we commit to:

  • Acknowledgment: We will review all reported vulnerabilities and acknowledge them as quickly as possible. Due to varying complexities and the need for thorough investigation, we cannot commit to a specific timeline for acknowledgment.
  • Communication: Our security team, along with the relevant MTConnect standards committees, will investigate the issue. We may reach out to you for further information or clarification as needed.
  • Updates: We aim to keep you informed on the progress of our investigation and any subsequent actions.
  • Resolution: After resolving the issue, we will inform you of the outcome and the measures taken to address the vulnerability.
  • Confidentiality: We request that details of the vulnerability and our communication remain confidential until the issue has been resolved, at which point a public disclosure may be made, if appropriate.

What to Include in Your Report

To facilitate a comprehensive investigation, please include the following information in your report:

  • A detailed description of the potential vulnerability.
  • Steps to reproduce the issue or a proof-of-concept, if applicable.
  • Any relevant URLs or resources that could assist in our investigation.

We are committed to collaborating with the security community to detect and mitigate vulnerabilities responsibly. Your efforts in reporting your findings are greatly appreciated.

There aren’t any published security advisories