# Security Policy
A vulnerability is a technical issue with the OpenAQ Python library which
attackers or hackers could use to exploit the library.
This policy covers only vulnerabilities in the OpenAQ Python library.
You will not be paid a reward for reporting a vulnerability (known as a ‘bug
bounty’).
If the security vulnerability is related to the OpenAQ website or
OpenAQ API service see the security policy at: .
## Reporting a Vulnerability
When you are investigating and reporting the vulnerability for OpenAQ Python you
must not:
- break the law
- access unnecessary or excessive amounts of data
- modify data
- use high-intensity invasive or destructive scanning tools to find
vulnerabilities
- try a denial of service (DOS) - for example overwhelming a service on
openaq.org with a high volume of requests
- tell other people about the vulnerability you have found until we have
disclosed it
- social engineer, phish or physically attack our staff or infrastructure
- demand money to disclose a vulnerability
If you think you found a vulnerability, and even if you are not sure about it,
please report it right away by sending an email to: .
Please try to be as thorough as possible, describing all the steps and example
code to reproduce the security issue.