# CVA6 Security Policy

## Reporting a Vulnerability

If you think you have found a vulnerability in a specific configuration of the CVA6 you can report it using one of the following ways:

* Contact the [Eclipse Foundation Security Team](mailto:security@eclipse-foundation.org)
* [Report a Vulnerability](https://github.com/openhwgroup/cva6/security/advisories/new)

You can find more information about reporting and disclosure at the [Eclipse Foundation Security page](https://www.eclipse.org/security/).

## Security Policy

This project follows [Eclipse Foundation Vulnerability Reporting Policy](https://www.eclipse.org/security/policy/).
