If you discover a security vulnerability in DNA, please report it responsibly.

Do not open a public GitHub issue for security vulnerabilities.

Instead, please report vulnerabilities via GitHub Security Advisories.

You can expect:

• An acknowledgment within 48 hours
• An assessment of the vulnerability within 7 days
• A fix or mitigation plan within 30 days for confirmed vulnerabilities

This policy covers the dna CLI tool, dna library crate, and dna-server HTTP server.