# CVA6 Security Policy ## Reporting a Vulnerability If you think you have found a vulnerability in a specific configuration of the CVA6 you can report it using one of the following ways: * Contact the [Eclipse Foundation Security Team](mailto:security@eclipse-foundation.org) * [Report a Vulnerability](https://github.com/openhwgroup/cva6/security/advisories/new) You can find more information about reporting and disclosure at the [Eclipse Foundation Security page](https://www.eclipse.org/security/). ## Security Policy This project follows [Eclipse Foundation Vulnerability Reporting Policy](https://www.eclipse.org/security/policy/).