# Security Policy

If you believe you have found a security vulnerability, please do not file a
public issue or pull request.  Instead, disclose it responsibly through
[hacker one](https://hackerone.com/valve).

Because most of the code in this library is used in the Steamworks SDK and our
games, it is in scope for hackerone reports.  Note that to be eligible
for a bounty, the vulnerability needs to be in a part of the code that is used
by Steam players.